Vulnerability Description
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boschrexroth | Ctrlx Hmi Web Panel Wr2107 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2107 | - |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2110 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2110 | - |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2115 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2115 | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.htmlMitigationVendor Advisory
- https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.htmlMitigationVendor Advisory
FAQ
What is CVE-2023-41255?
CVE-2023-41255 is a vulnerability with a CVSS score of 8.8 (HIGH). The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file in...
How severe is CVE-2023-41255?
CVE-2023-41255 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-41255?
Check the references section above for vendor advisories and patch information. Affected products include: Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware, Boschrexroth Ctrlx Hmi Web Panel Wr2107, Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware, Boschrexroth Ctrlx Hmi Web Panel Wr2110, Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware.