CVE-2023-48250

Published Jan 10, 2024

Last updated 10 months ago

CVSS critical 9.8

Overview

Description: The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.
Source: psirt@bosch.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-798
psirt@bosch.com: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8"
          },
          {
            "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8",
            "versionEndIncluding": "1500-sp2",
            "versionStartIncluding": "1000"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References