
Security Advisories

The Security Advisories (SA) listed below inform you about identified security vulnerabilities in our products or services and about proposed solutions.

 

Security Advisory ID | Assigned CVE IDs | CVSS* | Affected Products | Title | Publication Date | Last Update
BOSCH-SA-200802 CVE-2024-45490
CVE-2024-45491
CVE-2024-45492
9.8
  • PRC7000 Version(s): all 1.10.0.x - 1.10.5.x, all 1.11.0.x - 1.11.11.x, 1.11.12.0 <= 1.11.12.5, 1.11.13.0 <= 1.11.13.3, 1.11.14.0 <= 1.11.14.1
Multiple vulnerabilities in libexpat affecting PRC7000 2024-10-02 2024-10-02
BOSCH-SA-258444 CVE-2024-6387 8.1
  • PRC7000 Version(s):
    1.11.12.0 <= 1.11.12.4 and
    1.11.13.0 <= 1.11.13.1
"regreSSHion" OpenSSH vulnerability in PRC7000 2024-07-19 2024-07-19
BOSCH-SA-711465 CVE-2023-48242
CVE-2023-48243
CVE-2023-48244
CVE-2023-48245
CVE-2023-48246
CVE-2023-48247
CVE-2023-48248
CVE-2023-48249
CVE-2023-48250
CVE-2023-48251
CVE-2023-48252
CVE-2023-48253
CVE-2023-48254
CVE-2023-48255
CVE-2023-48256
CVE-2023-48257
CVE-2023-48258
CVE-2023-48259
CVE-2023-48260
CVE-2023-48261
CVE-2023-48262
CVE-2023-48263
CVE-2023-48264
CVE-2023-48265
CVE-2023-48266
8.8
  • Nexo cordless nutrunner NXA011S-36V (0608842011)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXA011S-36V-B (0608842012)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXA015S-36V (0608842001)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXA015S-36V-B (0608842006)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXA030S-36V (0608842002)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXA030S-36V-B (0608842007)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXA050S-36V (0608842003)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXA050S-36V-B (0608842008)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXA065S-36V (0608842013)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXA065S-36V-B (0608842014)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXP012QD-36V (0608842005)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXP012QD-36V-B (0608842010)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXV012T-36V (0608842015)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo cordless nutrunner NXV012T-36V-B (0608842016)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo special cordless nutrunner (0608PE2301)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo special cordless nutrunner (0608PE2272)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo special cordless nutrunner (0608PE2666)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo special cordless nutrunner (0608PE2514)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo special cordless nutrunner (0608PE2515)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
  • Nexo special cordless nutrunner (0608PE2673)
    NEXO-OS V1000-Release <= NEXO-OS V1500-SP2
Multiple vulnerabilities in Nexo cordless nutrunner 2024-01-09 2024-01-29
BOSCH-SA-164691 CVE-2023-5246 8.8
  • Rexroth SLC-0-GPNT00300 (all versions)
Vulnerability in SICK Flexi Soft Gateway 2023-10-24 2023-10-24
BOSCH-SA-175607 CVE-2023-41255
CVE-2023-41372
CVE-2023-41960
CVE-2023-43488
CVE-2023-45220
CVE-2023-45321
CVE-2023-45844
CVE-2023-45851
CVE-2023-46102
8.8
  • ctrlX HMI / WR21 (WR2107) < RC7 (Build date 20231107)
  • ctrlX HMI / WR21 (WR2110) < RC7 (Build date 20231107)
  • ctrlX HMI / WR21 (WR2115) < RC7 (Build date 20231107)
Multiple vulnerabilities on ctrlX HMI / WR21 2023-10-20 2023-11-21
BOSCH-SA-894143 CVE-2023-23444 7.5
  • Rexroth SLC-0-GPNT00300 (all versions)
Vulnerability in the interface module SLC-0-GPNT00300 2023-07-04 2023-07-04
BOSCH-SA-833074 CVE-2022-4304
CVE-2023-2673
5.9
  • FL MGUARD RS4000 TX/& (R901351745) < 8.9.1
    TC MGUARD RS4000 4G & (R901541498) < 8.9.1
    FL MGUARD RS4000 TX/& (R911173814) < 8.9.1
    TC MGUARD RS2000 3G & (R911173815) < 8.9.1
    TC MGUARD RS4000 3G & (R911173816) < 8.9.1
    FL MGUARD DELTA TX/T& (R911173817) < 8.9.1
    FL MGUARD SMART2 VPN (R911173818) < 8.9.1
    FL MGUARD RS4004 TX/& (R913050362) < 8.9.1
    FL MGUARD RS4004 TX/& (R913051602) < 8.9.1
    FL MGUARD RS2000 TX/& (R913056204) < 8.9.1
    FL MGUARD RS2000 TX/& (R913058931) < 8.9.1
    TC MGUARD RS2000 4G & (R913066122) < 8.9.1
Vulnerability in routers FL MGUARD and TC MGUARD 2023-07-04 2023-07-04
BOSCH-SA-387640 CVE-2023-23451 9.8
  • Rexroth SLC-0-GPNT00300 (all versions)
Use of Telnet in the interface module SLC-0-GPNT00300 2023-04-28 2023-04-28
BOSCH-SA-931197 CVE-2022-3480 7.5
  • FL MGUARD RS4000 TX/& (R901351745) <= 8.9.0
    FL MGUARD RS4000 VPN& (R901352542) <= 8.9.0
    TC MGUARD RS4000 4G & (R901541498) <= 8.9.0
    FL MGUARD RS4000 TX/& (R911173814) <= 8.9.0
    TC MGUARD RS2000 3G & (R911173815) <= 8.9.0
    TC MGUARD RS4000 3G & (R911173816) <= 8.9.0
    FL MGUARD DELTA TX/T& (R911173817) <= 8.9.0
    FL MGUARD SMART2 VPN& (R911173818) <= 8.9.0
    FL MGUARD RS4004 TX/& (R913050362) <= 8.9.0
    FL MGUARD RS4004 TX/& (R913051602) <= 8.9.0
    FL MGUARD RS2000 TX/& (R913056204) <= 8.9.0
    FL MGUARD RS2000 TX/& (R913058931) <= 8.9.0
    TC MGUARD RS2000 4G & (R913066122) <= 8.9.0
    FL MGUARD RS4000 TX/& (R913076699) <= 8.9.0
Vulnerability in routers FL MGUARD and TC MGUARD 2023-03-03 2023-03-03
BOSCH-SA-463993 CVE-2022-27579
CVE-2022-27580
7.8
  • SafeLogic Designer < 1.8.0.763_SP1
SafeLogic Designer vulnerabilities 2022-08-11 2022-08-11
BOSCH-SA-577411 CVE-2022-22513
CVE-2022-22514
CVE-2022-22515
CVE-2022-22517
CVE-2022-22519
7.5
  • IndraLogic (all versions)
  • IndraMotion MLC (all versions)
  • IndraMotion MLD (all versions)
  • IndraMotion MTX (all versions)
  • ctrlX CORE PLC <= PLC-V-0116
Vulnerabilities in the communication protocol of the PLC runtime 2022-05-02 2022-10-11
BOSCH-SA-982696 CVE-2022-0778 7.5
  • FL MGUARD DELTA TX/T& (R911173817) <= 8.8.5
    FL MGUARD RS2000 TX/& (R913056204) <= 8.8.5
    FL MGUARD RS2000 TX/& (R913058931) <= 8.8.5
    FL MGUARD RS4000 TX/& (R901351745) <= 8.8.5
    FL MGUARD RS4000 TX/& (R911173814) <= 8.8.5
    FL MGUARD RS4000 TX/& (R913076699) <= 8.8.5
    FL MGUARD RS4000 TX/& (R913073676) <= 8.8.5
    FL MGUARD RS4000 VPN& (R901352542) <= 8.8.5
    FL MGUARD RS4004 TX/& (R913050362) <= 8.8.5
    FL MGUARD RS4004 TX/& (R913051602) <= 8.8.5
    FL MGUARD SMART2 VPN& (R911173818) <= 8.8.5
    FL MGUARD SMART2 VPN& (R913073677) <= 8.8.5
    TC MGUARD RS2000 3G & (R911173815) <= 8.8.5
    TC MGUARD RS2000 4G & (R913066122) <= 8.8.5
    TC MGUARD RS4000 3G & (R911173816) <= 8.8.5
    TC MGUARD RS4000 4G & (R901541498) <= 8.8.5
Vulnerability in routers FL MGUARD and TC MGUARD 2022-04-27 2022-04-27
BOSCH-SA-029150 CVE-2016-10228
CVE-2019-25013
CVE-2020-27618
CVE-2020-29562
CVE-2020-6096
CVE-2021-27645
CVE-2021-3326
CVE-2021-35942
CVE-2021-3998
CVE-2021-3999
CVE-2021-45960
CVE-2021-46143
CVE-2022-0778
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-23218
CVE-2022-23219
CVE-2022-23852
CVE-2022-23990
CVE-2022-25235
CVE-2022-25236
9.8
  • ctrlX CORE < XCR-V-0114.1
  • ctrlX CORE (LTS) < XCR-V-0112.15
  • ctrlX CORE (Node-Red) < RED-V-0114.4
  • ctrlX CORE (Node-Red) (LTS) < RED-V-0112.4
Multiple vulnerabilities (ctrlX CORE) 2022-04-20 2022-04-20
BOSCH-SA-572602 CVE-2021-44228
CVE-2021-44832
CVE-2021-45046
CVE-2021-45105
10.0
  • IoT Gateway for Windows 2.1.0 – 2.3.2 (based on mbs OSGi)
  • IoT Gateway for Windows 2.0.1 – 3.1.0 (based on Felix OSGi)
  • IoT Gateway for Ubuntu Core 2.1.0 – 2.3.2 (PR21 Hardware)
Apache Log4j Vulnerabilities 2021-12-21 2022-01-10
BOSCH-SA-741752 CVE-2021-23855
CVE-2021-23856
CVE-2021-23857
CVE-2021-23858
10.0
  • IndraMotion MLC IndraMotion XLC
    * CVE-2021-23855
  • IndraMotion MLC L20, L40
    * CVE-2021-23856
  • IndraMotion MLC L20, L40 >= 12 VRS
    * CVE-2021-23857
    * CVE-2021-23858
  • IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraControl XLC >= 12 VRS
    * CVE-2021-23858
  • IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraMotion XLC >= 12 VRS
    * CVE-2021-23857
Multiple vulnerabilities in the web server 2021-09-29 2022-08-25
BOSCH-SA-670099 CVE-2021-30186
CVE-2021-30188
CVE-2021-30189
CVE-2021-30190
CVE-2021-30191
CVE-2021-30192
CVE-2021-30193
CVE-2021-30194
CVE-2021-30195
9.8
  • Compact system CS351E-D IL, firmware version V2.300 <= V2.800
  • Compact system CS351E-G IL, firmware version V2.300 <= V2.800
  • Compact system CS351S-D IL, firmware version V2.300 <= V2.800
  • Compact system CS351S-G IL, firmware version V2.300 <= V2.800
  • Communication module KE350G IL, firmware version V2.300 <= V2.800
Vulnerabilities in CODESYS V2 runtime systems 2021-07-20 2021-07-20
BOSCH-SA-475180 CVE-2021-30186
CVE-2021-30188
CVE-2021-30195
9.8
  • IndraMotion MLD <= MPH 17VRS
  • IndraLogic <= 04VRS
  • IndraMotion MLC <= 04VRS
  • IndraMotion MTX 02VRS - 12VRS
  • SYNAX 11VRS - 13VRS
  • Visual Motion 11VRS
Vulnerabilities in CODESYS V2 runtime systems 2021-07-09 2021-07-09
BOSCH-SA-350374 CVE-2021-29242 7.3
  • ctrlX CORE PLC App <= 01V08
  • IndraMotion MTX - all versions
  • IndraMotion MLC - all versions
  • IndraMotion MLD - all versions
Vulnerability in the routing protocol of the PLC runtime 2021-05-19 2021-05-19
BOSCH-SA-017743 CVE-2020-26116
CVE-2020-27619
CVE-2021-23336
CVE-2021-23840
CVE-2021-23841
CVE-2021-3177
CVE-2021-3449
9.8
  • ctrlX CORE - IDE App <= 1.8.0
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities 2021-04-30 2021-04-30
BOSCH-SA-428397 --- ---
  • Rexroth S20-S3-BK+ < AE1
  • Rexroth S20-PN-BK+ < AB1
  • Rexroth S20-EC-BK < AD1
  • Rexroth S20-ETH-BK < AC1
  • Rexroth S20-EIP-BK < AC1
  • Rexroth R-IL S3 BK DI8 DO4-PAC- all versions
  • Rexroth R-IL PN BK DI8 DO4-PAC- all versions
  • Rexroth R-IL ETH BK DI8 DO4 2TX-PAC - all versions
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline 2021-04-30 2021-04-30
BOSCH-SA-918106 CVE-2020-27815
CVE-2020-27830
CVE-2020-28374
CVE-2020-28941
CVE-2020-29568
CVE-2020-29569
CVE-2020-29660
CVE-2020-29661
CVE-2021-20232
CVE-2021-24031
CVE-2021-24032
CVE-2021-27218
CVE-2021-27219
CVE-2021-27803
9.1
  • ctrlX CORE Runtime < XCR-V-0108.1 (Linux kernel)
  • ctrlX CORE Runtime <= XCR-V-0108.1 (operating system libraries)
    IoT Gateway (all versions)
Multiple vulnerabilities in ctrlX CORE and IoT Gateway 2021-04-23 2021-04-23
BOSCH-SA-637429 CVE-2021-20986 7.5
  • Rexroth ActiveMover with firmware version < 3.0.32.x and with configuration: ‘using Profinet communication module (Rexroth no. 3842 559 445)’
Denial of Service in Rexroth ActiveMover using Profinet protocol 2021-03-31 2022-01-26
BOSCH-SA-282922 CVE-2021-20987 7.5
  • Rexroth ActiveMover < 3.0.26.x with configuration: ‘using EtherNet/IP communication module (Rexroth no. 3842 559 444)’
Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol 2021-03-31 2021-03-31
BOSCH-SA-372917 CVE-2020-29661
CVE-2021-3156
CVE-2021-3347
7.8
  • ctrlX CORE Runtime < XCR-V0108
  • IoT Gateway on IndraControl PR21: PR2100.1-*-IOTNN variants
Privilege Escalation via sudo and Linux kernel 2021-02-24 2021-02-24
BOSCH-SA-932910 CVE-2020-12523 5.4
  • R911173816 - TC MGUARD RS4000 3G VPN - 2903440
  • R911173814 - FL MGUARD RS4000 TX/TX VPN
  • R901541498 - TC MGUARD RS4000 4G &
LAN ports get functional after reboot even if they are disabled in the device configuration 2021-02-03 2021-02-03
BOSCH-SA-775371 CVE-2020-25159 9.8
  • Rexroth ID 200/C-ETH with configuration: ‘using the EtherNet/IP Protocol’
Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol 2021-01-27 2021-01-27
BOSCH-SA-274557 CVE-2020-1971 5.9
  • ctrlX CORE Runtime < XCR-V-0106.1
  • ctrlX CORE OPC UA Server < UAS-V-0106.1
  • ctrlX CORE OPC UA Client < UAC-V-0106.3
  • ctrlX WORKS < V0106.1
ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971 2020-12-18 2021-01-21
BOSCH-SA-387388 CVE-2019-18858
CVE-2019-5105
CVE-2019-9010
CVE-2019-9012
CVE-2019-9013
CVE-2020-10245
10.0
  • Rexroth PRC7000 <= 1.11.3
Multiple vulnerabilities in 3S CODESYS Runtime in PRC7000 2020-12-16 2020-12-16
BOSCH-SA-152060 CVE-2019-5105
CVE-2020-7052
7.5
  • Rexroth IndraMotion MTX
  • Rexroth IndraMotion MLC
  • Rexroth IndraMotion MLD
Denial of Service in PLC Runtime affecting Rexroth IndraMotion 2020-12-16 2020-12-16
BOSCH-SA-856281 CVE-2019-0708 9.8
  • Rexroth VEP15.6
  • Rexroth VEP21.6
  • Rexroth VEP30.5
  • Rexroth VEP40.5
  • Rexroth VEP50.5
  • Rexroth VPB40.3
  • Rexroth VPB40.4
  • Rexroth VPP16
  • Rexroth VPP40
  • Rexroth VPP60
Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs 2020-10-13 2020-10-13
BOSCH-SA-231483 CVE-2020-14513
CVE-2020-14519
CVE-2020-14509
CVE-2020-14517
CVE-2020-16233
CVE-2020-14515
10.0
  • Rexroth ActiveAssist Tool localization extension module < 1.1
  • Rexroth Laser Localization Software < 1.2
WIBU Systems CodeMeter Runtime Vulnerabilities in Rexroth Products 2020-09-25 2020-09-25
BOSCH-SA-458745 CVE-2020-8597 9.8
  • R911173814 - FL MGUARD RS4000 TX/TX VPN
  • R911173818 - FL MGUARD SMART2 VPN - 2700639
  • R911173816 - TC MGUARD RS4000 3G VPN - 2903440
  • R911173817 - FL MGUARD DELTA TX/TX - 2700967
  • R913058931 - FL MGUARD RS2000 TX/TX-VPN
  • R911173815 - TC MGUARD RS2000 3G VPN - 2903441
Security routers FL MGUARD and TC MGUARD 2020-07-28 2020-07-28
BOSCH-SA-645125 CVE-2018-16994 7.5
  • Rexroth S20-PN-BK+
  • Rexroth S20-ETH-BK
Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK 2020-03-16 2020-03-16
BOSCH-SA-778363
  • IndraWorks
IndraWorks – Installation problem 2019-10-08 2019-10-08
BOSCH-SA-761722 CVE-2019-12256
CVE-2019-12257
CVE-2019-12255
CVE-2019-12260
CVE-2019-12261
CVE-2019-12263
CVE-2019-12258
CVE-2019-12259
CVE-2019-12262
CVE-2019-12264
CVE-2019-12265
9.8
  • Rexroth embedded controls CML75, MLC/XLC firmware version < 14V22
  • Rexroth embedded controls XM21, XM22, XM42, MLC firmware version < 14V22
  • Rexroth industrial PC VPB40.4, firmware version < 14V22
  • Rexroth embedded controls CML75, CML85, MTX firmware version (all versions)
VxWorks security updates in Bosch Rexroth controllers 2019-08-08 2019-08-08
BOSCH-2019-0201 9.8
  • All projects created with WinStudio versions prior to 7.4 SP1
  • All projects created with IndraWorks versions prior to 15V02
Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory 2019-02-18 2019-02-18
BOSCH-2018-1101 9.8
  • All projects created with WinStudio versions prior to 7.4 SP1
  • All projects created with IndraWorks versions prior to 15V02
Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory 2018-11-27 2018-11-27
BOSCH-SA-879267
  • IndraWorks
Meltdown / Spectre 2018-05-23 2018-02-06
BOSCH-SA-684353 Products of the following Rexroth device families are potentially at risk
  • IndraControl VPB
  • IndraControl VPP
  • IndraControl VSP
  • IndraControl VEP
  • IndraControl VEH

if they are using specific operating system firmware (see advisory)
WannaCry 2017-05-29 2017-05-29
BOSCH-2016-0701 6.4
  • Bosch Rexroth BLADEcontrol-WebVIS
Bosch Rexroth BLADEcontrol-WebVIS 2016-07-22 2017-03-14

*CVSS - Common Vulnerability Scoring System

RSS Feed

Subscribe to our feed to be notified about new Security Advisories.

Attention: only Bosch Rexroth products are included in the RSS feed. For trade goods we only publish a security advisory. For RSS feeds covering trade goods, check what the respective manufacturers offer.
