Description
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Bosch Rexroth AG / ctrlX OS - Device Admin1.12.0 – 1.12.9
- Bosch Rexroth AG / ctrlX OS - Device Admin1.20.0 – 1.20.7
- Bosch Rexroth AG / ctrlX OS - Device Admin2.6.0 – 2.6.8