Vulnerability Description
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boschrexroth | Ctrlx Hmi Web Panel Wr2107 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2107 | - |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2110 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2110 | - |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2115 Firmware | All versions |
| Boschrexroth | Ctrlx Hmi Web Panel Wr2115 | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.htmlMitigationVendor Advisory
- https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.htmlMitigationVendor Advisory
FAQ
What is CVE-2023-45851?
CVE-2023-45851 is a vulnerability with a CVSS score of 8.8 (HIGH). The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Clie...
How severe is CVE-2023-45851?
CVE-2023-45851 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-45851?
Check the references section above for vendor advisories and patch information. Affected products include: Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware, Boschrexroth Ctrlx Hmi Web Panel Wr2107, Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware, Boschrexroth Ctrlx Hmi Web Panel Wr2110, Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware.