CVE-2023-45844 HIGH

CVE-2023-45844

Vendor Rexroth

Product ctrlX HMI Web Panel - WR21 (WR2107)

Weakness CWE-284

Published October 25, 2023

Last update September 10, 2024

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Physical

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).

Key dates

02Disclosure timeline

October 25, 2023 CVE published

September 10, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-45844 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2021-44467 spx_restservice KillDupUsr_func Broken Access Control CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS CVE-2026-40595 Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks CVE-2019-11892 Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) CVE-2023-26474 XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author

Identifiers

CVE CVE-2023-45844

CWE CWE-284

CVSS 7.3 / HIGH

Affected versions

Vendor Rexroth

Product ctrlX HMI Web Panel - WR21 (WR2107)

Affected all

Vendor Rexroth

Product ctrlX HMI Web Panel - WR21 (WR2110)

Affected all

Vendor Rexroth

Product ctrlX HMI Web Panel - WR21 (WR2115)

Affected all