Description
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.
CVSS breakdown
CVSS 3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: None
- Availability: None
Affected products
- Bosch Rexroth AG / ctrlX OS - Setup 1.20.0 – 1.20.1
- Bosch Rexroth AG / ctrlX OS - Setup 2.6.0 – 2.6.1
- Bosch Rexroth AG / ctrlX OS - Setup 3.6.0 – 3.6.2