{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:55:57.165","vulnerabilities":[{"cve":{"id":"CVE-2023-45851","sourceIdentifier":"psirt@bosch.com","published":"2023-10-25T18:17:35.427","lastModified":"2024-11-21T08:27:28.970","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. \r\n\r\n\r\nThis issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device"},{"lang":"es","value":"La aplicación cliente de Android, cuando se inscribe en el servidor AppHub, se conecta a un agente MQTT sin exigir ninguna autenticación del servidor. Este problema permite a un atacante forzar a la aplicación cliente de Android a conectarse a un agente MQTT malicioso, lo que le permite enviar mensajes falsos al dispositivo HMI."}],"metrics":{"cvssMetricV31":[{"source":"psirt@bosch.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@bosch.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"7FFA1309-DBEE-46F1-B6FD-DAE896180411"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*","matchCriteriaId":"87C129B8-F100-4D3A-97BC-BAD9A4129F9D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*","matchCriteriaId":"326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"4CA92486-EEBE-42FD-9755-006B7F2DF361"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*","matchCriteriaId":"167C9BC4-FCC5-4FAF-8F75-F967C77400A7"}]}]}],"references":[{"url":"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html","source":"psirt@bosch.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}