Description
A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Affected products
- Bosch Rexroth AG / ctrlX OS - Device Admin1.12.0 – 1.12.9
- Bosch Rexroth AG / ctrlX OS - Device Admin1.20.0 – 1.20.7
- Bosch Rexroth AG / ctrlX OS - Device Admin2.6.0 – 2.6.8