CVE-2021-23855

8.6 HIGH

📋 TL;DR

CVE-2021-23855 exposes user credentials through an unprotected web server resource in affected Bosch products. Attackers can retrieve weakly hashed passwords and crack them using rainbow tables. This affects Bosch Rexroth ctrlX CORE and ctrlX COREremote devices.

💻 Affected Systems

Products:
  • Bosch Rexroth ctrlX CORE
  • Bosch Rexroth ctrlX COREremote
Versions: All versions prior to V1.5
Operating Systems: ctrlX OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with web interface enabled (default configuration).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative access, credential theft enabling lateral movement, and potential ransomware deployment.

🟠

Likely Case

Unauthorized access to the device, credential harvesting for password reuse attacks, and data exfiltration.

🟢

If Mitigated

Limited impact with proper network segmentation and strong authentication controls in place.

🌐 Internet-Facing: HIGH - Direct exposure of credentials via web interface allows remote exploitation.
🏢 Internal Only: HIGH - Even internally, exposed credentials enable privilege escalation and lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request to unprotected endpoint retrieves password database. Weak hashing (MD5) enables trivial password cracking.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V1.5 or later

Vendor Advisory: https://psirt.bosch.com/security-advisories/bosch-sa-741752.html

Restart Required: Yes

Instructions:

1. Download firmware V1.5 or later from the Bosch Rexroth support portal.
2. Back up the device configuration.
3. Apply the firmware update via the web interface or USB.
4. Verify the update succeeded and restore the configuration.

🔧 Temporary Workarounds

Network Isolation


Restrict network access to affected devices using firewall rules.

iptables -A INPUT -p tcp --dport 443 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

Disable Web Interface


Turn off web server if not required for operations.

systemctl stop ctrlx-web-server
systemctl disable ctrlx-web-server

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from untrusted networks.
  • Enforce strong password policies and monitor for credential reuse across systems.

🔍 How to Verify

Check if Vulnerable:

Request the https://device-ip/path/to/userdb endpoint without authenticating. If it returns user/password data, the device is vulnerable.

Check Version:

ssh admin@device-ip 'cat /etc/ctrlx-version'

Verify Fix Applied:

Attempt to access the user database endpoint after patching; it should return 404 or access denied.

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200 responses to user database endpoint
  • Multiple failed login attempts from new IPs

Network Indicators:

  • HTTP GET requests to /path/to/userdb from unauthorized sources
  • Unusual outbound traffic post-authentication

SIEM Query:

source="web_logs" AND status=200 AND (uri="/path/to/userdb" OR uri LIKE "%userdb%")
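The same check applied directly to web-server access logs, as an added example that is not code from this page or from Bosch: it parses combined-format log lines (assumed format; adjust the regex for the ctrlX web server's actual layout), keeps successful GETs to the user-database resource, and drops sources inside a trusted engineering network. The path /path/to/userdb is the page's placeholder, and the log lines are constructed samples.

```python
import re
from ipaddress import ip_address, ip_network

# Apache/nginx "combined" log format (assumption); adjust the regex if the
# ctrlX web server logs in a different layout.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Placeholder path from the advisory summary; substitute the real resource path.
USERDB_PATH = "/path/to/userdb"

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_userdb_exposure(lines, trusted_nets, userdb_path=USERDB_PATH):
    """Return (src, timestamp, uri) for each successful read of the user DB
    from outside the trusted networks. A 200 from an untrusted source means
    the credential hashes have already left the device."""
    nets = [ip_network(n) for n in trusted_nets]
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET" or rec["status"] != "200":
            continue
        uri = rec["uri"].split("?", 1)[0]          # ignore query string
        if uri != userdb_path and "userdb" not in uri.lower():
            continue
        if any(ip_address(rec["src"]) in n for n in nets):
            continue                                # trusted engineering host
        hits.append((rec["src"], rec["ts"], uri))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.5.7 - - [12/Mar/2021:10:01:02 +0000] "GET /path/to/userdb HTTP/1.1" 200 1842',
    '203.0.113.44 - - [12/Mar/2021:10:03:15 +0000] "GET /path/to/userdb HTTP/1.1" 200 1842',
    '203.0.113.44 - - [12/Mar/2021:10:03:16 +0000] "GET /path/to/userdb HTTP/1.1" 404 312',
    '198.51.100.9 - - [12/Mar/2021:10:05:00 +0000] "GET /api/USERDB/export?fmt=json HTTP/1.1" 200 2210',
    '198.51.100.9 - - [12/Mar/2021:10:05:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in find_userdb_exposure(SAMPLE_LOG, ["10.0.5.0/24"]):
        print("credential exposure:", hit)
```

Any hit from an untrusted source should be treated as a credential compromise: rotate every account held on the device, not just the ones observed in use.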

🔗 References
