A number of safety vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B good nutrunners that, if efficiently exploited, may enable attackers to execute arbitrary code on affected programs.
Romanian cybersecurity agency Bitdefender, which found the flaw in Bosch BCC100 thermostats final August, mentioned the difficulty may very well be weaponized by an attacker to change the machine firmware and implant a rogue model.
Tracked as CVE-2023-49722 (CVSS rating: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023.
“A community port 8899 is all the time open in BCC101/BCC102/BCC50 thermostat merchandise, which permits an unauthenticated connection from a neighborhood WiFi community,” the corporate mentioned in an advisory.
The problem, at its core, impacts the WiFi microcontroller that acts as a community gateway for the thermostat’s logic microcontroller.
By exploiting the flaw, an attacker may ship instructions to the thermostat, together with writing a malicious replace to the machine that might both render the machine inoperable or act as a backdoor to smell visitors, pivot onto different units, and different nefarious actions.
Bosch has corrected the shortcoming in firmware model 4.13.33 by closing the port 8899, which it mentioned was used for debugging functions.
The German engineering and tech firm has additionally been made conscious of over two dozen flaws in Rexroth Nexo cordless nutrunners that an unauthenticated attacker may abuse to disrupt operations, tamper with crucial configurations, and even set up ransomware.
“On condition that the NXA015S-36V-B is licensed for safety-critical duties, an attacker may compromise the security of the assembled product by inducing suboptimal tightening, or trigger injury to it on account of extreme tightening,” Nozomi Networks mentioned.
The issues, the operational know-how (OT) safety agency added, may very well be used to acquire distant execution of arbitrary code (RCE) with root privileges, and make the pneumatic torque wrench unusable by hijacking the onboard show and disabling the set off button to demand a ransom.
“Given the benefit with which this assault could be automated throughout quite a few units, an attacker may swiftly render all instruments on a manufacturing line inaccessible, doubtlessly inflicting important disruptions to the ultimate asset proprietor,” the corporate added.
Patches for the vulnerabilities, which impression a number of NXA, NXP, and NXV sequence units, are anticipated to be shipped by Bosch by the tip of January 2024. Within the interim, customers are really useful to restrict the community reachability of the machine as a lot as potential and overview accounts which have login entry to the machine.
The event comes as Pentagrid recognized a number of vulnerabilities in Lantronix EDS-MD IoT gateway for medical units, one which may very well be leveraged by a person with entry to the online interface to execute arbitrary instructions as root on the underlying Linux host.