Security Advisories
The Security Advisories (SA) listed below inform you about security vulnerabilities identified in our products or services and about proposed solutions.
Security Advisory ID | Assigned CVE IDs | CVSS* | Affected Products | Title | Publication Date | Last Update |
---|---|---|---|---|---|---|
BOSCH-SA-200802 | CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 | 9.8 | | Multiple vulnerabilities in libexpat affecting PRC7000 | 2024-10-02 | 2024-10-02 |
BOSCH-SA-258444 | CVE-2024-6387 | 8.1 | | "regreSSHion" OpenSSH vulnerability in PRC7000 | 2024-07-19 | 2024-07-19 |
BOSCH-SA-711465 | CVE-2023-48242 CVE-2023-48243 CVE-2023-48244 CVE-2023-48245 CVE-2023-48246 CVE-2023-48247 CVE-2023-48248 CVE-2023-48249 CVE-2023-48250 CVE-2023-48251 CVE-2023-48252 CVE-2023-48253 CVE-2023-48254 CVE-2023-48255 CVE-2023-48256 CVE-2023-48257 CVE-2023-48258 CVE-2023-48259 CVE-2023-48260 CVE-2023-48261 CVE-2023-48262 CVE-2023-48263 CVE-2023-48264 CVE-2023-48265 CVE-2023-48266 | 8.8 | | Multiple vulnerabilities in Nexo cordless nutrunner | 2024-01-09 | 2024-01-29 |
BOSCH-SA-164691 | CVE-2023-5246 | 8.8 | | Vulnerability in SICK Flexi Soft Gateway | 2023-10-24 | 2023-10-24 |
BOSCH-SA-175607 | CVE-2023-41255 CVE-2023-41372 CVE-2023-41960 CVE-2023-43488 CVE-2023-45220 CVE-2023-45321 CVE-2023-45844 CVE-2023-45851 CVE-2023-46102 | 8.8 | | Multiple vulnerabilities on ctrlX HMI / WR21 | 2023-10-20 | 2023-11-21 |
BOSCH-SA-894143 | CVE-2023-23444 | 7.5 | | Vulnerability in the interface module SLC-0-GPNT00300 | 2023-07-04 | 2023-07-04 |
BOSCH-SA-833074 | CVE-2022-4304 CVE-2023-2673 | 5.9 | | Vulnerability in routers FL MGUARD and TC MGUARD | 2023-07-04 | 2023-07-04 |
BOSCH-SA-387640 | CVE-2023-23451 | 9.8 | | Use of Telnet in the interface module SLC-0-GPNT00300 | 2023-04-28 | 2023-04-28 |
BOSCH-SA-931197 | CVE-2022-3480 | 7.5 | | Vulnerability in routers FL MGUARD and TC MGUARD | 2023-03-03 | 2023-03-03 |
BOSCH-SA-463993 | CVE-2022-27579 CVE-2022-27580 | 7.8 | | SafeLogic Designer vulnerabilities | 2022-08-11 | 2022-08-11 |
BOSCH-SA-577411 | CVE-2022-22513 CVE-2022-22514 CVE-2022-22515 CVE-2022-22517 CVE-2022-22519 | 7.5 | | Vulnerabilities in the communication protocol of the PLC runtime | 2022-05-02 | 2022-10-11 |
BOSCH-SA-982696 | CVE-2022-0778 | 7.5 | | Vulnerability in routers FL MGUARD and TC MGUARD | 2022-04-27 | 2022-04-27 |
BOSCH-SA-029150 | CVE-2016-10228 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-6096 CVE-2021-27645 CVE-2021-3326 CVE-2021-35942 CVE-2021-3998 CVE-2021-3999 CVE-2021-45960 CVE-2021-46143 CVE-2022-0778 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 | 9.8 | | Multiple vulnerabilities (ctrlX CORE) | 2022-04-20 | 2022-04-20 |
BOSCH-SA-572602 | CVE-2021-44228 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 | 10.0 | | Apache Log4j Vulnerabilities | 2021-12-21 | 2022-01-10 |
BOSCH-SA-741752 | CVE-2021-23855 CVE-2021-23856 CVE-2021-23857 CVE-2021-23858 | 10.0 | | Multiple vulnerabilities in the web server | 2021-09-29 | 2022-08-25 |
BOSCH-SA-670099 | CVE-2021-30186 CVE-2021-30188 CVE-2021-30189 CVE-2021-30190 CVE-2021-30191 CVE-2021-30192 CVE-2021-30193 CVE-2021-30194 CVE-2021-30195 | 9.8 | | Vulnerabilities in CODESYS V2 runtime systems | 2021-07-20 | 2021-07-20 |
BOSCH-SA-475180 | CVE-2021-30186 CVE-2021-30188 CVE-2021-30195 | 9.8 | | Vulnerabilities in CODESYS V2 runtime systems | 2021-07-09 | 2021-07-09 |
BOSCH-SA-350374 | CVE-2021-29242 | 7.3 | | Vulnerability in the routing protocol of the PLC runtime | 2021-05-19 | 2021-05-19 |
BOSCH-SA-017743 | CVE-2020-26116 CVE-2020-27619 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-3177 CVE-2021-3449 | 9.8 | | ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities | 2021-04-30 | 2021-04-30 |
BOSCH-SA-428397 | --- | --- | | FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline | 2021-04-30 | 2021-04-30 |
BOSCH-SA-918106 | CVE-2020-27815 CVE-2020-27830 CVE-2020-28374 CVE-2020-28941 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2021-20232 CVE-2021-24031 CVE-2021-24032 CVE-2021-27218 CVE-2021-27219 CVE-2021-27803 | 9.1 | | Multiple vulnerabilities in ctrlX CORE and IoT Gateway | 2021-04-23 | 2021-04-23 |
BOSCH-SA-637429 | CVE-2021-20986 | 7.5 | | Denial of Service in Rexroth ActiveMover using Profinet protocol | 2021-03-31 | 2022-01-26 |
BOSCH-SA-282922 | CVE-2021-20987 | 7.5 | | Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol | 2021-03-31 | 2021-03-31 |
BOSCH-SA-372917 | CVE-2020-29661 CVE-2021-3156 CVE-2021-3347 | 7.8 | | Privilege Escalation via sudo and Linux kernel | 2021-02-24 | 2021-02-24 |
BOSCH-SA-932910 | CVE-2020-12523 | 5.4 | | LAN ports get functional after reboot even if they are disabled in the device configuration | 2021-02-03 | 2021-02-03 |
BOSCH-SA-775371 | CVE-2020-25159 | 9.8 | | Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol | 2021-01-27 | 2021-01-27 |
BOSCH-SA-274557 | CVE-2020-1971 | 5.9 | | ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971 | 2020-12-18 | 2021-01-21 |
BOSCH-SA-387388 | CVE-2019-18858 CVE-2019-5105 CVE-2019-9010 CVE-2019-9012 CVE-2019-9013 CVE-2020-10245 | 10.0 | | Multiple vulnerabilities in 3S CODESYS Runtime in PRC7000 | 2020-12-16 | 2020-12-16 |
BOSCH-SA-152060 | CVE-2019-5105 CVE-2020-7052 | 7.5 | | Denial of Service in PLC Runtime affecting Rexroth IndraMotion | 2020-12-16 | 2020-12-16 |
BOSCH-SA-856281 | CVE-2019-0708 | 9.8 | | Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs | 2020-10-13 | 2020-10-13 |
BOSCH-SA-231483 | CVE-2020-14513 CVE-2020-14519 CVE-2020-14509 CVE-2020-14517 CVE-2020-16233 CVE-2020-14515 | 10.0 | | WIBU Systems CodeMeter Runtime Vulnerabilities in Rexroth Products | 2020-09-25 | 2020-09-25 |
BOSCH-SA-458745 | CVE-2020-8597 | 9.8 | | Security routers FL MGUARD and TC MGUARD | 2020-07-28 | 2020-07-28 |
BOSCH-SA-645125 | CVE-2018-16994 | 7.5 | | Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK | 2020-03-16 | 2020-03-16 |
BOSCH-SA-778363 | | | | IndraWorks – Installation problem | 2019-10-08 | 2019-10-08 |
BOSCH-SA-761722 | CVE-2019-12256 CVE-2019-12257 CVE-2019-12255 CVE-2019-12260 CVE-2019-12261 CVE-2019-12263 CVE-2019-12258 CVE-2019-12259 CVE-2019-12262 CVE-2019-12264 CVE-2019-12265 | 9.8 | | VxWorks security updates in Bosch Rexroth controllers | 2019-08-08 | 2019-08-08 |
BOSCH-2019-0201 | | 9.8 | | Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory | 2019-02-18 | 2019-02-18 |
BOSCH-2018-1101 | | 9.8 | | Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory | 2018-11-27 | 2018-11-27 |
BOSCH-SA-879267 | | | | Meltdown / Spectre | 2018-05-23 | 2018-02-06 |
BOSCH-SA-684353 | | | Products of the following Rexroth device families are potentially at risk if they are using specific operating system firmware (see advisory) | WannaCry | 2017-05-29 | 2017-05-29 |
BOSCH-2016-0701 | | 6.4 | | Bosch Rexroth BLADEcontrol-WebVIS | 2016-07-22 | 2017-03-14 |
RSS Feed
Subscribe to our feed to be notified about new Security Advisories.
Attention! Only Bosch Rexroth products are included in the RSS feed. For trade goods we only publish a security advisory; for RSS feeds covering trade goods, check what the respective manufacturers offer.