Details of VAR-202110-0247

ID

VAR-202110-0247

CVE

CVE-2021-23858

TITLE

Bosch Rexroth IndraMotion Mlc Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-95614

DESCRIPTION

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource. Bosch Rexroth IndraMotion Mlc is a new type of equipment that combines motion and logic control, as well as robot control. Bosch Rexroth IndraMotion Mlc has a security vulnerability. The vulnerability is caused by the incorrect use of related cryptographic algorithms in network systems or products. Attackers can use the vulnerability to cause the content to be incorrectly encrypted, weakly encrypted, and sensitive information stored in plain text

Trust: 1.53

sources: NVD: CVE-2021-23858 // CNVD: CNVD-2021-95614 // VULMON: CVE-2021-23858

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-95614

AFFECTED PRODUCTS

vendor:	bosch	model:	rexroth indramotion mlc l65	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	indracontrol xlc	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc xm42	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l85	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc xm41	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l25	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc xm22	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l75	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l40	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l45	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc xm21	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc l20	scope:	lte	version:	12	Trust: 1.0
vendor:	bosch	model:	rexroth indramotion mlc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-95614 // NVD: CVE-2021-23858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-23858
value:	HIGH
Trust: 1.0
psirt@bosch.com:	CVE-2021-23858
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-95614
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202110-173
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-23858
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-23858
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-95614
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-23858
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@bosch.com:	CVE-2021-23858
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-95614 // VULMON: CVE-2021-23858 // CNNVD: CNNVD-202110-173 // NVD: CVE-2021-23858 // NVD: CVE-2021-23858

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	CWE-200	Trust: 1.0

sources: NVD: CVE-2021-23858

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-173

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202110-173

PATCH

title:	Patch for Bosch Rexroth IndraMotion Mlc Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/303886	Trust: 0.6
title:	Bosch Rexroth Rexroth IndraMotion Mlc Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165354	Trust: 0.6

sources: CNVD: CNVD-2021-95614 // CNNVD: CNNVD-202110-173

EXTERNAL IDS

db:	NVD	id:	CVE-2021-23858	Trust: 2.3
db:	CNVD	id:	CNVD-2021-95614	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-173	Trust: 0.6
db:	VULMON	id:	CVE-2021-23858	Trust: 0.1

sources: CNVD: CNVD-2021-95614 // VULMON: CVE-2021-23858 // CNNVD: CNNVD-202110-173 // NVD: CVE-2021-23858

REFERENCES

url:	https://psirt.bosch.com/security-advisories/bosch-sa-741752.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23858	Trust: 1.2
url:	https://cwe.mitre.org/data/definitions/306.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-23858	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-95614 // VULMON: CVE-2021-23858 // CNNVD: CNNVD-202110-173 // NVD: CVE-2021-23858

SOURCES

db:	CNVD	id:	CNVD-2021-95614
db:	VULMON	id:	CVE-2021-23858
db:	CNNVD	id:	CNNVD-202110-173
db:	NVD	id:	CVE-2021-23858

LAST UPDATE DATE

2024-08-14T14:11:13.753000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-95614	date:	2021-12-09T00:00:00
db:	VULMON	id:	CVE-2021-23858	date:	2022-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202110-173	date:	2022-08-31T00:00:00
db:	NVD	id:	CVE-2021-23858	date:	2022-08-30T18:18:00.280

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-95614	date:	2021-12-09T00:00:00
db:	VULMON	id:	CVE-2021-23858	date:	2021-10-04T00:00:00
db:	CNNVD	id:	CNNVD-202110-173	date:	2021-10-04T00:00:00
db:	NVD	id:	CVE-2021-23858	date:	2021-10-04T18:15:07.987