ID

VAR-202110-0244


CVE

CVE-2021-23855


TITLE

Cryptographic Strength Vulnerability in Robert Bosch GmbH rexroth indramotion xlc and rexroth indramotion mlc Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-021030

DESCRIPTION

The user and password database is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm, which allows an attacker to determine the password by using rainbow tables. The rexroth indramotion xlc and rexroth indramotion mlc firmware from Robert Bosch GmbH has a cryptographic strength vulnerability. Information may be obtained. Bosch Rexroth IndraMotion Mlc is a new type of equipment that combines motion and logic control, as well as robot control. Bosch Rexroth IndraMotion Mlc has a security vulnerability. The vulnerability is caused by the incorrect use of related cryptographic algorithms in network systems or products. Attackers can use the vulnerability to cause content to be incorrectly encrypted or weakly encrypted, or sensitive information to be stored in plain text.

Trust: 2.25

sources: NVD: CVE-2021-23855 // JVNDB: JVNDB-2021-021030 // CNVD: CNVD-2021-95611 // VULMON: CVE-2021-23855

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-95611

AFFECTED PRODUCTS

vendor: bosch, model: rexroth indramotion mlc, scope: eq, version: -

Trust: 1.0

vendor: bosch, model: rexroth indramotion xlc, scope: eq, version: -

Trust: 1.0

vendor: robert bosch, model: rexroth indramotion xlc, scope: -, version: -

Trust: 0.8

vendor: robert bosch, model: rexroth indramotion mlc, scope: -, version: -

Trust: 0.8

vendor: bosch, model: rexroth indramotion mlc, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-95611 // JVNDB: JVNDB-2021-021030 // NVD: CVE-2021-23855

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23855
value: HIGH

Trust: 1.0

psirt@bosch.com: CVE-2021-23855
value: HIGH

Trust: 1.0

NVD: CVE-2021-23855
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-95611
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202110-170
value: HIGH

Trust: 0.6

VULMON: CVE-2021-23855
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-23855
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-95611
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-23855
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@bosch.com: CVE-2021-23855
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-23855
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-95611 // VULMON: CVE-2021-23855 // JVNDB: JVNDB-2021-021030 // CNNVD: CNNVD-202110-170 // NVD: CVE-2021-23855 // NVD: CVE-2021-23855

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.0

problemtype: CWE-326

Trust: 1.0

problemtype: Inappropriate cryptographic strength (CWE-326) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-021030 // NVD: CVE-2021-23855

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-170

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-170

PATCH

title: Bosch Rexroth IndraMotion Mlc has a patch for unidentified vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/303871

Trust: 0.6

title: Bosch Rexroth IndraMotion Mlc Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165575

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2021-23855

Trust: 0.1

sources: CNVD: CNVD-2021-95611 // VULMON: CVE-2021-23855 // CNNVD: CNNVD-202110-170

EXTERNAL IDS

db: NVD, id: CVE-2021-23855

Trust: 3.9

db: JVNDB, id: JVNDB-2021-021030

Trust: 0.8

db: CNVD, id: CNVD-2021-95611

Trust: 0.6

db: CNNVD, id: CNNVD-202110-170

Trust: 0.6

db: VULMON, id: CVE-2021-23855

Trust: 0.1

sources: CNVD: CNVD-2021-95611 // VULMON: CVE-2021-23855 // JVNDB: JVNDB-2021-021030 // CNNVD: CNNVD-202110-170 // NVD: CVE-2021-23855

REFERENCES

url: https://psirt.bosch.com/security-advisories/bosch-sa-741752.html

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2021-23855

Trust: 2.0

url: https://cwe.mitre.org/data/definitions/326.html

Trust: 0.1

url: https://github.com/live-hack-cve/cve-2021-23855

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-95611 // VULMON: CVE-2021-23855 // JVNDB: JVNDB-2021-021030 // CNNVD: CNNVD-202110-170 // NVD: CVE-2021-23855

SOURCES

db: CNVD, id: CNVD-2021-95611
db: VULMON, id: CVE-2021-23855
db: JVNDB, id: JVNDB-2021-021030
db: CNNVD, id: CNNVD-202110-170
db: NVD, id: CVE-2021-23855

LAST UPDATE DATE

2024-08-14T15:11:47.079000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-95611, date: 2021-12-09T00:00:00
db: VULMON, id: CVE-2021-23855, date: 2022-08-30T00:00:00
db: JVNDB, id: JVNDB-2021-021030, date: 2024-07-17T04:43:00
db: CNNVD, id: CNNVD-202110-170, date: 2022-08-31T00:00:00
db: NVD, id: CVE-2021-23855, date: 2022-08-30T16:09:32.397

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-95611, date: 2021-12-09T00:00:00
db: VULMON, id: CVE-2021-23855, date: 2021-10-04T00:00:00
db: JVNDB, id: JVNDB-2021-021030, date: 2024-07-17T00:00:00
db: CNNVD, id: CNNVD-202110-170, date: 2021-10-04T00:00:00
db: NVD, id: CVE-2021-23855, date: 2021-10-04T18:15:07.653