Vulnerability Description
The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boschrexroth | Ctrlx Hmi Web Panel Wr2107 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2107 | - |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2110 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2110 | - |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2115 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2115 | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.htmlMitigationVendor Advisory
- https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.htmlMitigationVendor Advisory
FAQ
What is CVE-2023-43488?
CVE-2023-43488 is a vulnerability with a CVSS score of 7.9 (HIGH). The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed ...
How severe is CVE-2023-43488?
CVE-2023-43488 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-43488?
Check the references section above for vendor advisories and patch information. Affected products include: Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware, Boschrexroth Ctrlx Hmi Web Panel Wr2107, Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware, Boschrexroth Ctrlx Hmi Web Panel Wr2110, Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware.