CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-45220

The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.2%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2023-45220

Boschrexroth » Ctrlx Hmi Web Panel Wr2107 » Version: N/A

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-
Boschrexroth » Ctrlx Hmi Web Panel Wr2110 » Version: N/A

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-
Boschrexroth » Ctrlx Hmi Web Panel Wr2115 » Version: N/A

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-
Boschrexroth » Ctrlx Hmi Web Panel Wr2107 Firmware » Version: Any

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*
Boschrexroth » Ctrlx Hmi Web Panel Wr2110 Firmware » Version: Any

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*
Boschrexroth » Ctrlx Hmi Web Panel Wr2115 Firmware » Version: Any

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-45220

Products

Pricing

Contact Us