Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could let attackers execute arbitrary code on affected devices.
Romanian cybersecurity firm Bitdefender, which identified the flaw in Bosch BCC100 thermostats last August, said the issue could be weaponized by an attacker to alter the device firmware and implant a rogue version.
Tracked as CVE-2023-49722 (CVSS rating: 8.3), the high-severity vulnerability was resolved by Bosch in November 2023.
“A network port 8899 is always open in BCC101/BCC102/BCC50 thermostat solutions, which allows an unauthenticated connection from a community WiFi network,” the company said in an advisory.
The issue, at its core, impacts the WiFi microcontroller that functions as a network gateway for the thermostat’s logic microcontroller.
By exploiting the flaw, an attacker could send commands to the thermostat, including writing a malicious update to the device that could either render it inoperable or act as a backdoor to sniff traffic, pivot to other devices, and carry out other nefarious activities.
Bosch has corrected the shortcoming in firmware version 4.13.33 by closing port 8899, which it said was used for debugging purposes.
The German engineering and technology company has also been made aware of around two dozen flaws in Rexroth Nexo cordless nutrunners that an unauthenticated attacker could abuse to disrupt operations, tamper with critical configurations, and even install ransomware.
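An asset owner can confirm the fix from both sides: the reported firmware version and whether the debug port still answers. The following sketch is an added example, not code from Bosch or Bitdefender; the inventory format, the dotted version-string format and the 192.0.2.x addresses are assumptions made for illustration.

```python
import socket

FIXED_VERSION = (4, 13, 33)  # firmware version the article says closes the port
DEBUG_PORT = 8899            # debug port named in the Bosch advisory

def parse_version(text):
    """Turn a dotted string such as '4.13.33' into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))

def port_open(host, port=DEBUG_PORT, timeout=2.0):
    """Return True if a plain TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def audit(inventory, probe=port_open):
    """Return (host, reasons) for every thermostat that still needs attention."""
    findings = []
    for dev in inventory:
        reasons = []
        try:
            if parse_version(dev.get("firmware", "")) < FIXED_VERSION:
                reasons.append("firmware older than 4.13.33")
        except ValueError:
            reasons.append("firmware version unknown")
        # Check the port even on patched firmware: the inventory may be stale.
        if probe(dev["host"]):
            reasons.append("TCP 8899 accepts connections")
        if reasons:
            findings.append((dev["host"], reasons))
    return findings

if __name__ == "__main__":
    # Constructed inventory (hypothetical format); run only against devices you own.
    inventory = [
        {"host": "192.0.2.10", "firmware": "4.13.20"},
        {"host": "192.0.2.11", "firmware": "4.13.33"},
    ]
    for host, reasons in audit(inventory):
        print(f"{host}: {'; '.join(reasons)}")
```

Versions are compared as integer tuples so that a value such as 4.9.100 sorts below 4.13.33, which a plain string comparison would get wrong.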
“Given that the NXA015S-36V-B is certified for protection-critical jobs, an attacker could compromise the safety of the assembled item by inducing suboptimal tightening, or result in harm to it due to excessive tightening,” Nozomi Networks explained.
The flaws, the operational technology (OT) security firm added, could be used to obtain remote execution of arbitrary code (RCE) with root privileges, and make the pneumatic torque wrench unusable by hijacking the onboard display and disabling the trigger button to demand a ransom.
“Given the ease with which this attack can be automated across various units, an attacker could swiftly render all tools on a production line inaccessible, likely resulting in significant disruptions to the last asset owner,” the company added.
Patches for the vulnerabilities, which affect a number of NXA, NXP, and NXV series devices, are expected to be delivered by Bosch by the end of January 2024. In the interim, users are recommended to limit the network reachability of the device as much as possible and review accounts that have login access to the device.
The development comes as Pentagrid identified multiple vulnerabilities in the Lantronix EDS-MD IoT gateway for medical devices, one of which could be leveraged by a user with access to the web interface to execute arbitrary commands as root on the underlying Linux host.