Description
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Affected products
- Bosch Rexroth AG / ctrlX OS - Solutions1.12.0 – 1.12.1
- Bosch Rexroth AG / ctrlX OS - Solutions1.20.0 – 1.20.1
- Bosch Rexroth AG / ctrlX OS - Solutions2.6.0 – 2.6.0