Security Advisories

The security advisories below inform you about the best-known security issues affecting our products and services, and the corresponding solutions.

Security Advisory ID                Assigned CVE IDs CVSS* Affected Products                          Title                       Publication Date Last Update
BOSCH-SA-741752 CVE-2021-23855
CVE-2021-23856
CVE-2021-23857
CVE-2021-23858
10.0
  • IndraMotion MLC IndraMotion XLC
    * CVE-2021-23855
  • IndraMotion MLC L20, L40
    * CVE-2021-23856
  • IndraMotion MLC L20, L40 >= 12 VRS
    * CVE-2021-23857
    * CVE-2021-23858
  • IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraControl XLC >= 12 VRS
    * CVE-2021-23858
  • IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraMotion XLC >= 12 VRS
    * CVE-2021-23857
Multiple vulnerabilities in the web server 2021-09-29 2021-09-29
BOSCH-SA-670099 CVE-2021-30186
CVE-2021-30188
CVE-2021-30189
CVE-2021-30190
CVE-2021-30191
CVE-2021-30192
CVE-2021-30193
CVE-2021-30194
CVE-2021-30195
9.8
  • Compact system CS351E-D IL, firmware version V2.300 <= V2.800
  • Compact system CS351E-G IL, firmware version V2.300 <= V2.800
  • Compact system CS351S-D IL, firmware version V2.300 <= V2.800
  • Compact system CS351S-G IL, firmware version V2.300 <= V2.800
  • Communication module KE350G IL, firmware version V2.300 <= V2.800
Vulnerabilities in CODESYS V2 runtime systems 2021-07-20 2021-07-20
BOSCH-SA-475180 CVE-2021-30186
CVE-2021-30188
CVE-2021-30195
9.8
  • IndraMotion MLD <= MPH 17VRS
  • IndraLogic <= 04VRS
  • IndraMotion MLC <= 04VRS
  • IndraMotion MTX 02VRS - 12VRS
  • SYNAX 11VRS - 13VRS
  • Visual Motion 11VRS
Vulnerabilities in CODESYS V2 runtime systems 2021-07-09 2021-07-09
BOSCH-SA-350374 CVE-2021-29242 7.3
  • ctrlX CORE PLC App <= 01V08
  • IndraMotion MTX - all versions
  • IndraMotion MLC - all versions
  • IndraMotion MLD - all versions
Vulnerability in the routing protocol of the PLC runtime 2021-05-19 2021-05-19
BOSCH-SA-017743 CVE-2020-26116
CVE-2020-27619
CVE-2021-23336
CVE-2021-23840
CVE-2021-23841
CVE-2021-3177
CVE-2021-3449
9.8
  • ctrlX CORE - IDE App <= 1.8.0
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities 2021-04-30 2021-04-30
BOSCH-SA-428397 --- ---
  • Rexroth S20-S3-BK+ < AE1
  • Rexroth S20-PN-BK+ < AB1
  • Rexroth S20-EC-BK < AD1
  • Rexroth S20-ETH-BK < AC1
  • Rexroth S20-EIP-BK < AC1
  • Rexroth R-IL S3 BK DI8 DO4-PAC - all versions
  • Rexroth R-IL PN BK DI8 DO4-PAC - all versions
  • Rexroth R-IL ETH BK DI8 DO4 2TX-PAC - all versions
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline 2021-04-30 2021-04-30
BOSCH-SA-918106 CVE-2020-27815
CVE-2020-27830
CVE-2020-28374
CVE-2020-28941
CVE-2020-29568
CVE-2020-29569
CVE-2020-29660
CVE-2020-29661
CVE-2021-20232
CVE-2021-24031
CVE-2021-24032
CVE-2021-27218
CVE-2021-27219
CVE-2021-27803
9.1
  • ctrlX CORE Runtime < XCR-V-0108.1 (Linux kernel)
  • ctrlX CORE Runtime <= XCR-V-0108.1 (operating system libraries)
    IoT Gateway (all versions)
Multiple vulnerabilities in ctrlX CORE and IoT Gateway 2021-04-23 2021-04-23
BOSCH-SA-637429 CVE-2021-20986 7.5
  • Rexroth ActiveMover with configuration: ‘using Profinet communication module (Rexroth no. 3842 559 445)’
Denial of Service in Rexroth ActiveMover using Profinet protocol 2021-03-31 2021-03-31
BOSCH-SA-282922 CVE-2021-20987 7.5
  • Rexroth ActiveMover < 3.0.26.x with configuration: ‘using EtherNet/IP communication module (Rexroth no. 3842 559 444)’
Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol 2021-03-31 2021-03-31
BOSCH-SA-372917 CVE-2020-29661
CVE-2021-3156
CVE-2021-3347
7.8
  • ctrlX CORE Runtime < XCR-V0108
  • IoT Gateway on IndraControl PR21: PR2100.1-*-IOTNN variants
Privilege Escalation via sudo and Linux kernel 2021-02-24 2021-02-24
BOSCH-SA-932910 CVE-2020-12523 5.4
  • R911173816 - TC MGUARD RS4000 3G VPN - 2903440
  • R911173814 - FL MGUARD RS4000 TX/TX VPN
  • R901541498 - TC MGUARD RS4000 4G &
LAN ports get functional after reboot even if they are disabled in the device configuration 2021-02-03 2021-02-03
BOSCH-SA-775371 CVE-2020-25159 9.8
  • Rexroth ID 200/C-ETH with configuration: ‘using the EtherNet/IP Protocol’
Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol 2021-01-27 2021-01-27
BOSCH-SA-274557 CVE-2020-1971 5.9
  • ctrlX CORE Runtime < XCR-V-0106.1
  • ctrlX CORE OPC UA Server < UAS-V-0106.1
  • ctrlX CORE OPC UA Client < UAC-V-0106.3
  • ctrlX WORKS < V0106.1
ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971 2020-12-18 2021-01-21
BOSCH-SA-387388 CVE-2019-18858
CVE-2019-5105
CVE-2019-9010
CVE-2019-9012
CVE-2019-9013
CVE-2020-10245
10.0
  • Rexroth PRC7000 <= 1.11.3
Multiple vulnerabilities in 3S CODESYS Runtime in PRC7000 2020-12-16 2020-12-16
BOSCH-SA-152060 CVE-2019-5105
CVE-2020-7052
7.5
  • Rexroth IndraMotion MTX
  • Rexroth IndraMotion MLC
  • Rexroth IndraMotion MLD
Denial of Service in PLC Runtime affecting Rexroth IndraMotion 2020-12-16 2020-12-16
BOSCH-SA-856281 CVE-2019-0708 9.8
  • Rexroth VEP15.6
  • Rexroth VEP21.6
  • Rexroth VEP30.5
  • Rexroth VEP40.5
  • Rexroth VEP50.5
  • Rexroth VPB40.3
  • Rexroth VPB40.4
  • Rexroth VPP16
  • Rexroth VPP40
  • Rexroth VPP60
Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs 2020-10-13 2020-10-13
BOSCH-SA-231483 CVE-2020-14513
CVE-2020-14519
CVE-2020-14509
CVE-2020-14517
CVE-2020-16233
CVE-2020-14515
10.0
  • Rexroth ActiveAssist Tool localization extension module < 1.1
  • Rexroth Laser Localization Software < 1.2
WIBU Systems CodeMeter Runtime Vulnerabilities in Rexroth Products 2020-09-25 2020-09-25
BOSCH-SA-458745 CVE-2020-8597 9.8
  • R911173814 - FL MGUARD RS4000 TX/TX VPN
  • R911173818 - FL MGUARD SMART2 VPN - 2700639
  • R911173816 - TC MGUARD RS4000 3G VPN - 2903440
  • R911173817 - FL MGUARD DELTA TX/TX - 2700967
  • R913058931 - FL MGUARD RS2000 TX/TX-VPN
  • R911173815 - TC MGUARD RS2000 3G VPN - 2903441
Security routers FL MGUARD and TC MGUARD 2020-07-28 2020-07-28
BOSCH-SA-645125 CVE-2018-16994 7.5
  • Rexroth S20-PN-BK+
  • Rexroth S20-ETH-BK
Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK 2020-03-16 2020-03-16
BOSCH-SA-778363
  • IndraWorks
IndraWorks – Installation problem 2019-10-08 2019-10-08
BOSCH-SA-761722 CVE-2019-12256
CVE-2019-12257
CVE-2019-12255
CVE-2019-12260
CVE-2019-12261
CVE-2019-12263
CVE-2019-12258
CVE-2019-12259
CVE-2019-12262
CVE-2019-12264
CVE-2019-12265
9.8
  • Rexroth embedded controls CML75, MLC/XLC firmware version < 14V22
  • Rexroth embedded controls XM21, XM22, XM42, MLC firmware version < 14V22
  • Rexroth industrial PC VPB40.4, firmware version < 14V22
  • Rexroth embedded controls CML75, CML85, MTX firmware version (all versions)
VxWorks security updates in Bosch Rexroth controllers 2019-08-08 2019-08-08
BOSCH-2019-0201 9.8
  • All projects created with WinStudio versions prior to 7.4 SP1
  • All projects created with IndraWorks versions prior to 15V02
Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory 2019-02-18 2019-02-18
BOSCH-2018-1101 9.8
  • All projects created with WinStudio versions prior to 7.4 SP1
  • All projects created with IndraWorks versions prior to 15V02
Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory 2018-11-27 2018-11-27
BOSCH-SA-879267
  • IndraWorks
Meltdown / Spectre 2018-05-23 2018-02-06
BOSCH-SA-684353 Products of the following Rexroth device families are potentially at risk
  • IndraControl VPB
  • IndraControl VPP
  • IndraControl VSP
  • IndraControl VEP
  • IndraControl VEH

if they are using specific operating system firmware (see advisory)
WannaCry 2017-05-29 2017-05-29
BOSCH-2016-0701 6.4
  • Bosch Rexroth BLADEcontrol-WebVIS
Bosch Rexroth BLADEcontrol-WebVIS 2016-07-22 2017-03-14

*CVSS - Common Vulnerability Scoring System

RSS Feed

Subscribe to our feed to be notified about new Security Advisories.

Attention! The RSS feed includes only Bosch Rexroth products. For trade goods we publish a security advisory only; for RSS feeds covering trade goods, check what the respective manufacturers offer.