Security researchers have disclosed multiple vulnerabilities in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners: the thermostat flaw was found by Romanian cybersecurity firm Bitdefender, the nutrunner flaws by Nozomi Networks. If successfully exploited, these vulnerabilities could allow attackers to execute arbitrary code on the affected devices, raising concerns about the compromise of critical operations and product safety.
CVE-2023-49722 Bosch BCC100 Thermostats Vulnerability
Bitdefender, which discovered the flaw in Bosch BCC100 thermostats in August of last year, reported a high-severity vulnerability tracked as CVE-2023-49722. The flaw, rated with a CVSS score of 8.3, allowed unauthenticated connections to an always-open network port (port 8899) on BCC101, BCC102 and BCC50 thermostats. The port belongs to the WiFi microcontroller that acts as the device's network gateway, and access to it could allow an attacker to alter the device firmware and implant a rogue version. Bosch addressed the issue in November 2023 with firmware version 4.13.33, which closes port 8899; the port had originally been left open for debugging purposes.
Exploiting this flaw could allow attackers to send commands to the thermostat, potentially rendering the device inoperable. A rogue firmware image could also act as a backdoor, used to sniff traffic, pivot onto other devices on the same network, or support other malicious activity.
Rexroth NXA015S-36V-B Nutrunners Flaws
Bosch has also been alerted to over two dozen flaws in Rexroth Nexo cordless nutrunners. Nozomi Networks, an operational technology (OT) security firm, emphasized the severity of these flaws, given that the NXA015S-36V-B is certified for safety-critical tasks. An unauthenticated attacker could exploit them to disrupt operations, tamper with critical configurations, and potentially install ransomware.
The flaws may lead to remote code execution (RCE) with root privileges, which would compromise the safety of assembled products: an attacker could induce insufficient tightening or cause damage through excessive tightening. Nozomi Networks also highlighted that attackers could render every tool on a production line inaccessible, resulting in significant disruption.
Mitigation and Future Solutions
Bosch plans to release patches for the nutrunner vulnerabilities by the end of January 2024 (the thermostat flaw is already fixed in firmware 4.13.33). In the interim, users are strongly advised to limit network reachability of the affected devices and to review which accounts have login access. Given the potential impact on critical operations and safety, swift action is needed to mitigate the risks associated with these vulnerabilities.
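One concrete check for the thermostat issue described above, and a quick audit of the "limit network reachability" advice, is to test whether port 8899 still answers on each BCC device from the network segments that should not reach it. The script below is an added example, not code from Bitdefender, Bosch or the advisory. It assumes port 8899 is a TCP port (the article only says "network port"), uses hypothetical thermostat addresses in the 192.0.2.0/24 documentation range, and includes a loopback self-test so it can be run offline.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Port the BCC thermostats exposed before firmware 4.13.33 (from the advisory).
# Assumption (not stated on the page): it is a TCP port, so a plain connect() suffices.
BCC_DEBUG_PORT = 8899


def port_is_open(host: str, port: int = BCC_DEBUG_PORT, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered, unreachable or timed out: all count as "not reachable".
        return False


def scan_hosts(hosts, port: int = BCC_DEBUG_PORT, timeout: float = 2.0, workers: int = 32) -> dict:
    """Check every host in parallel; returns {host: True/False}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda h: port_is_open(h, port, timeout), hosts))
    return dict(zip(hosts, results))


def exposed_hosts(results: dict) -> list:
    """Hosts that still answer on the debug port: patch to 4.13.33 or isolate them."""
    return sorted(h for h, is_open in results.items() if is_open)


def local_demo() -> tuple:
    """Offline self-test: open a throwaway listener on loopback (an ephemeral port
    stands in for 8899), confirm the scanner sees it, close it, confirm it is gone.
    Returns (seen_while_listening, seen_after_close)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    before = port_is_open("127.0.0.1", port, timeout=1.0)
    listener.close()
    after = port_is_open("127.0.0.1", port, timeout=1.0)
    return before, after


if __name__ == "__main__":
    # Hypothetical thermostat addresses; replace with your own device inventory.
    targets = ["192.0.2.10", "192.0.2.11"]
    findings = scan_hosts(targets)
    for host, is_open in findings.items():
        state = "REACHABLE" if is_open else "closed/filtered"
        print(f"{host}: port {BCC_DEBUG_PORT} {state}")
    print("Needs attention:", exposed_hosts(findings))
```

Run it once from the segment where the thermostats normally live to confirm the update closed the port, and again from a segment that should be blocked (guest WiFi, the corporate LAN) to confirm the firewall or VLAN rules actually prevent reachability; a device that shows REACHABLE from the second vantage point is both unpatched and unisolated.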