Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected units.
Romanian cybersecurity company Bitdefender, which discovered the flaw in Bosch BCC100 thermostats last August, said the issue could be weaponized by an attacker to alter the device firmware and implant a rogue version.
Tracked as CVE-2023-49722 (CVSS score: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023.
“A network port 8899 is often open up in BCC101/BCC102/BCC50 thermostat merchandise, which enables an unauthenticated relationship from an area WiFi network,” the company stated in an advisory.
The issue, at its core, affects the WiFi microcontroller that acts as a network gateway for the thermostat's logic microcontroller.
By exploiting the flaw, an attacker could send commands to the thermostat, including writing a malicious update to the device that could either render the unit inoperable or act as a backdoor to sniff traffic, pivot onto other devices, and carry out other nefarious activities.
Bosch has corrected the shortcoming in firmware version 4.13.33 by closing port 8899, which it said was used for debugging purposes.
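For defenders tracking this fix across a fleet, the following added example (not code from Bosch, Bitdefender or the original article) audits an asset inventory against the two facts given above: firmware 4.13.33 as the fixed version and TCP port 8899 as the debug port. The inventory format, function names and status labels are assumptions, and the firmware version is assumed to come from your own asset records.

```python
import socket

DEBUG_PORT = 8899            # debug port named in the Bosch advisory
FIXED_VERSION = (4, 13, 33)  # firmware version the article says closes it

def parse_version(text):
    """Turn '4.13.33' into (4, 13, 33); raise ValueError on malformed input."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"unexpected firmware version: {text!r}")
    return parts

def port_open(host, port=DEBUG_PORT, timeout=2.0):
    """True if a TCP connection completes; nothing is sent to the device."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory, probe=port_open):
    """inventory: iterable of (host, firmware_version_string_or_None)."""
    findings = []
    for host, fw in inventory:
        try:
            outdated = fw is None or parse_version(fw) < FIXED_VERSION
        except ValueError:
            outdated = True  # an unreadable version is treated as unpatched
        reachable = probe(host)
        if reachable:
            status = "EXPOSED"  # port answers, whatever the recorded version
        elif outdated:
            status = "UPDATE"   # port filtered or closed, firmware still old
        else:
            status = "OK"
        findings.append((host, fw, reachable, status))
    return findings

if __name__ == "__main__":
    # Constructed inventory using documentation-range addresses.
    sample = [("192.0.2.10", "4.13.20"), ("192.0.2.11", "4.13.33")]
    for row in audit(sample):
        print(row)
```

A unit reported as EXPOSED despite a recorded version of 4.13.33 or later points to a stale inventory entry or an update that did not apply.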
The German engineering and technology company has also been made aware of more than two dozen flaws in Rexroth Nexo cordless nutrunners that an unauthenticated attacker could abuse to disrupt operations, tamper with critical configurations, and even install ransomware.
“Provided that the NXA015S-36V-B is qualified for security-critical jobs, an attacker could compromise the safety of the assembled solution by inducing suboptimal tightening, or trigger harm to it owing to extreme tightening,” Nozomi Networks said.
The flaws, the operational technology (OT) security company added, could be used to obtain remote execution of arbitrary code (RCE) with root privileges, and make the pneumatic torque wrench unusable by hijacking the onboard display and disabling the trigger button to demand a ransom.
“Presented the relieve with which this attack can be automated across several units, an attacker could quickly render all resources on a production line inaccessible, most likely producing important disruptions to the remaining asset operator,” the enterprise included.
Patches for the vulnerabilities, which affect several NXA, NXP, and NXV series devices, are expected to be shipped by Bosch by the end of January 2024. In the interim, users are advised to limit the network reachability of the device as much as possible and review accounts that have login access to the device.
The development comes as Pentagrid identified several vulnerabilities in the Lantronix EDS-MD IoT gateway for medical devices, one of which could be leveraged by a user with access to the web interface to execute arbitrary commands as root on the underlying Linux host.
Some parts of this article are sourced from:
thehackernews.com