CVE-2021-23858

Published Oct 4, 2021

Last updated 2 years ago

CVSS high 7.5

Overview

Description: Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.
Source: psirt@bosch.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-306
psirt@bosch.com: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_l20_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E75C9D7-9A6A-43D6-A260-9535673B87AA",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_l20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B81F392D-9700-415D-A541-7D45035A2C67"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_l40_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4E20554-1346-4F07-A277-38BBC2436E20",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_l40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "33698277-B03B-4D12-B4E2-F32E3BE8E786"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_l25_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72F2443A-5B3B-46F1-8ECF-93BA2E68D241",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_l25:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "107BE5D1-062D-4D61-AB79-24D8C8FF3055"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_l45_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58B97235-37D0-45A7-8526-F9201D2E4021",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_l45:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "30B3081C-5AB6-41B4-A53F-8C0B521DCE07"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_l65_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C38E88B-69AA-47F5-B3DC-7F78461229BD",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_l65:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "67F66AE1-9551-4E91-9476-D04B06245718"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_l85_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7455F0FF-89D9-4CDA-995E-BE2B64AAC241",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_l85:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1E637053-B9E4-4F91-88D9-FC4039445466"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_xm21_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8420BD49-53E1-4467-9371-198967D0E56C",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_xm21:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "13163AF4-8079-42D7-A68E-AF92E79D11A6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_xm22_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "510A903A-B50D-4AB8-91CE-C18ABD7F8998",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_xm22:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "49FF38C9-2239-4C88-B13B-448B6D38FA0B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_xm41_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62D2DB9E-BC01-4FF2-B9E1-110E14EE3CA4",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_xm41:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B953972B-48C7-40A5-9A6C-6B876B0FF4D1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_xm42_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "345732C4-1C46-472B-9C74-5BB399A459F4",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_xm42:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FFD5CE21-DB9C-4221-9C2D-A884622952D5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:indracontrol_xlc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "227FDBBE-EF02-4B57-BAE7-A06803AB1198",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:indracontrol_xlc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A8C713B8-D965-46F8-A84D-EA61FFBB269D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:rexroth_indramotion_mlc_l75_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52593B92-03AC-4972-B444-01E6384E3ECC",
            "versionEndIncluding": "12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:rexroth_indramotion_mlc_l75:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D0F46438-8E48-4AE8-92B4-6BA66A69BF60"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References