A number of security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B sensible nutrunners that, if efficiently exploited, may enable attackers to execute arbitrary code on affected techniques.
Romanian cybersecurity agency Bitdefender, which found the flaw in Bosch BCC100 thermostats final August, stated the problem could possibly be weaponized by an attacker to change the machine firmware and implant a rogue model.
Tracked as CVE-2023-49722 (CVSS rating: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023.
“A community port 8899 is at all times open in BCC101/BCC102/BCC50 thermostat merchandise, which permits an unauthenticated connection from an area WiFi community,” the corporate stated in an advisory.
The difficulty, at its core, impacts the WiFi microcontroller that acts as a community gateway for the thermostat’s logic microcontroller.
By exploiting the flaw, an attacker may ship instructions to the thermostat, together with writing a malicious replace to the machine that might both render the machine inoperable or act as a backdoor to smell visitors, pivot onto different gadgets, and different nefarious actions.
Bosch has corrected the shortcoming in firmware model 4.13.33 by closing the port 8899, which it stated was used for debugging functions.
The German engineering and tech firm has additionally been made conscious of over two dozen flaws in Rexroth Nexo cordless nutrunners that an unauthenticated attacker may abuse to disrupt operations, tamper with important configurations, and even set up ransomware.
“On condition that the NXA015S-36V-B is licensed for safety-critical duties, an attacker may compromise the security of the assembled product by inducing suboptimal tightening, or trigger injury to it as a result of extreme tightening,” Nozomi Networks stated.
The issues, the operational know-how (OT) security agency added, could possibly be used to acquire distant execution of arbitrary code (RCE) with root privileges, and make the pneumatic torque wrench unusable by hijacking the onboard show and disabling the set off button to demand a ransom.
“Given the convenience with which this assault will be automated throughout quite a few gadgets, an attacker may swiftly render all instruments on a manufacturing line inaccessible, doubtlessly inflicting vital disruptions to the ultimate asset proprietor,” the corporate added.
Patches for the vulnerabilities, which influence a number of NXA, NXP, and NXV sequence gadgets, are anticipated to be shipped by Bosch by the tip of January 2024. Within the interim, customers are advisable to restrict the community reachability of the machine as a lot as attainable and overview accounts which have login entry to the machine.
The event comes as Pentagrid recognized a number of vulnerabilities in Lantronix EDS-MD IoT gateway for medical gadgets, one which could possibly be leveraged by a person with entry to the net interface to execute arbitrary instructions as root on the underlying Linux host.
