Details of VAR-202110-0246

ID

VAR-202110-0246

CVE

CVE-2021-23857

TITLE

Bosch Rexroth IndraMotion Mlc authorization issue vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-95613

DESCRIPTION

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system. Bosch Rexroth IndraMotion Mlc is a new type of equipment that combines motion and logic control, as well as robot control. Bosch Rexroth IndraMotion Mlc has a security vulnerability. The vulnerability is caused by the incorrect use of related cryptographic algorithms in network systems or products. Attackers can use the vulnerability to cause the content to be incorrectly encrypted, weakly encrypted, and sensitive information stored in plain text

Trust: 1.53

sources: NVD: CVE-2021-23857 // CNVD: CNVD-2021-95613 // VULMON: CVE-2021-23857

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-95613

AFFECTED PRODUCTS

vendor:	bosch	model:	rexroth indramotion mlc l65	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc xm42	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l85	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc xm41	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l25	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc xm22	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l75	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l40	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion xlc	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l45	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc xm21	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l20	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-95613 // NVD: CVE-2021-23857

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-23857
value:	CRITICAL
Trust: 1.0
psirt@bosch.com:	CVE-2021-23857
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2021-95613
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202110-172
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-23857
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-23857
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-95613
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-23857
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@bosch.com:	CVE-2021-23857
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-95613 // VULMON: CVE-2021-23857 // CNNVD: CNNVD-202110-172 // NVD: CVE-2021-23857 // NVD: CVE-2021-23857

PROBLEMTYPE DATA

problemtype:	CWE-836	Trust: 1.0
problemtype:	CWE-287	Trust: 1.0

sources: NVD: CVE-2021-23857

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-172

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202110-172

PATCH

title:	Patch for Bosch Rexroth IndraMotion Mlc authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/303891	Trust: 0.6
title:	Bosch Rexroth IndraMotion Mlc Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165838	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-23857	Trust: 0.1

sources: CNVD: CNVD-2021-95613 // VULMON: CVE-2021-23857 // CNNVD: CNNVD-202110-172

EXTERNAL IDS

db:	NVD	id:	CVE-2021-23857	Trust: 2.3
db:	CNVD	id:	CNVD-2021-95613	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-172	Trust: 0.6
db:	VULMON	id:	CVE-2021-23857	Trust: 0.1

sources: CNVD: CNVD-2021-95613 // VULMON: CVE-2021-23857 // CNNVD: CNNVD-202110-172 // NVD: CVE-2021-23857

REFERENCES

url:	https://psirt.bosch.com/security-advisories/bosch-sa-741752.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23857	Trust: 1.2
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-23857	Trust: 0.1

sources: CNVD: CNVD-2021-95613 // VULMON: CVE-2021-23857 // CNNVD: CNNVD-202110-172 // NVD: CVE-2021-23857

SOURCES

db:	CNVD	id:	CNVD-2021-95613
db:	VULMON	id:	CVE-2021-23857
db:	CNNVD	id:	CNNVD-202110-172
db:	NVD	id:	CVE-2021-23857

LAST UPDATE DATE

2024-08-14T14:18:21.475000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-95613	date:	2021-12-09T00:00:00
db:	VULMON	id:	CVE-2021-23857	date:	2022-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202110-172	date:	2021-10-15T00:00:00
db:	NVD	id:	CVE-2021-23857	date:	2022-08-30T16:12:50.903

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-95613	date:	2021-12-09T00:00:00
db:	VULMON	id:	CVE-2021-23857	date:	2021-10-04T00:00:00
db:	CNNVD	id:	CNNVD-202110-172	date:	2021-10-04T00:00:00
db:	NVD	id:	CVE-2021-23857	date:	2021-10-04T18:15:07.797