HIGH🇵🇱 Wersja polska

CVE-2021-23855

CVSS 8.6v3.1pub. 2021-10-04upd. 2024-11-21

The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • Bosch Rexroth Indramotion Mlc

    HW
    Bosch
    wszystkie wersje
  • Bosch Rexroth Indramotion Mlc Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Rexroth Indramotion Xlc

    HW
    Bosch
    wszystkie wersje
  • Bosch Rexroth Indramotion Xlc Firmware

    OS
    Bosch
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-23857CRITICAL10.0ten sam produkt

Login with hash: The login routine allows the client to log in to the system not by using the password, but by...

CVE-2022-36301CRITICAL9.8ten sam vendor

BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker t...

CVE-2021-23859CRITICAL9.1ten sam vendor

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...

CVE-2021-23856CRITICAL10.0ten sam vendor

The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a ...

CVE-2021-23847CRITICAL9.8ten sam vendor

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to...