CVE-2021-23858
Last modified
CVE-2021-23858 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.. EPSS estimates a 1.20% chance of exploitation in the next 30 days.
Description
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Rexroth Indramotion Mlc L20 Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc L40 Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc L25 Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc L45 Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc L65 Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc L85 Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc Xm21 Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc Xm22 Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc Xm41 Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc Xm42 Firmware | <= 12 |
| Bosch | Indracontrol Xlc Firmware | <= 12 |
| Bosch | Rexroth Indramotion Mlc L75 Firmware | <= 12 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-23858?
How severe is CVE-2021-23858?
How do I fix CVE-2021-23858?
Are you affected by CVE-2021-23858?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST