HIGH🇵🇱 Wersja polska

CVE-2023-41372

CVSS 7.8v3.1pub. 2023-10-25upd. 2024-11-21

The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Boschrexroth Ctrlx Hmi Web Panel Wr2107

    HW
    Boschrexroth
    wszystkie wersje
  • Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware

    OS
    Boschrexroth
    wszystkie wersje
  • Boschrexroth Ctrlx Hmi Web Panel Wr2110

    HW
    Boschrexroth
    wszystkie wersje
  • Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware

    OS
    Boschrexroth
    wszystkie wersje
  • Boschrexroth Ctrlx Hmi Web Panel Wr2115

    HW
    Boschrexroth
    wszystkie wersje
  • Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware

    OS
    Boschrexroth
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-46102HIGH8.8ten sam produkt

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange me...

CVE-2023-41960HIGH7.1ten sam produkt

The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provide...

CVE-2023-43488HIGH7.9ten sam produkt

The vulnerability allows a low privileged (untrusted) application to modify a critical system property that s...

CVE-2023-45220HIGH8.8ten sam produkt

The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip...

CVE-2023-45321HIGH8.3ten sam produkt

The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ...