CVE-2021-23858 — HIGH (8.6)

Q: How severe is CVE-2021-23858?

CVE-2021-23858 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-23858?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Rexroth Indramotion Mlc L20 Firmware, Bosch Rexroth Indramotion Mlc L20, Bosch Rexroth Indramotion Mlc L40 Firmware, Bosch Rexroth Indramotion Mlc L40, Bosch Rexroth Indramotion Mlc L25 Firmware.

Vulnerability Description

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Bosch	Rexroth Indramotion Mlc L20 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L20	-
Bosch	Rexroth Indramotion Mlc L40 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L40	-
Bosch	Rexroth Indramotion Mlc L25 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L25	-
Bosch	Rexroth Indramotion Mlc L45 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L45	-
Bosch	Rexroth Indramotion Mlc L65 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L65	-
Bosch	Rexroth Indramotion Mlc L85 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L85	-
Bosch	Rexroth Indramotion Mlc Xm21 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc Xm21	-
Bosch	Rexroth Indramotion Mlc Xm22 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc Xm22	-
Bosch	Rexroth Indramotion Mlc Xm41 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc Xm41	-
Bosch	Rexroth Indramotion Mlc Xm42 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc Xm42	-

Related Weaknesses (CWE)

CWE-306 CWE-200

References

https://psirt.bosch.com/security-advisories/bosch-sa-741752.htmlVendor Advisory
https://psirt.bosch.com/security-advisories/bosch-sa-741752.htmlVendor Advisory

FAQ

What is CVE-2021-23858?

CVE-2021-23858 is a vulnerability with a CVSS score of 8.6 (HIGH). Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, d...

How severe is CVE-2021-23858?

CVE-2021-23858 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-23858?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Rexroth Indramotion Mlc L20 Firmware, Bosch Rexroth Indramotion Mlc L20, Bosch Rexroth Indramotion Mlc L40 Firmware, Bosch Rexroth Indramotion Mlc L40, Bosch Rexroth Indramotion Mlc L25 Firmware.