Vulnerability Description
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boschrexroth | Ctrlx Hmi Web Panel Wr2107 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2107 | - |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2110 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2110 | - |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2115 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2115 | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.htmlMitigationVendor Advisory
- https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.htmlMitigationVendor Advisory
FAQ
What is CVE-2023-41372?
CVE-2023-41372 is a vulnerability with a CVSS score of 7.8 (HIGH). The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - control...
How severe is CVE-2023-41372?
CVE-2023-41372 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-41372?
Check the references section above for vendor advisories and patch information. Affected products include: Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware, Boschrexroth Ctrlx Hmi Web Panel Wr2107, Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware, Boschrexroth Ctrlx Hmi Web Panel Wr2110, Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware.