CVE-2023-45851
📋 TL;DR
This vulnerability allows attackers to intercept or manipulate MQTT communications between Android Client applications and AppHub servers due to missing server authentication. Attackers can force devices to connect to malicious MQTT brokers and send fake messages to HMI devices. This affects Android Client applications enrolled with Bosch AppHub servers.
💻 Affected Systems
- Bosch Android Client application for AppHub
📦 What is this software?
Ctrlx Hmi Web Panel Wr2107 Firmware by Boschrexroth
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of HMI device control, allowing attackers to send malicious commands, disrupt operations, or manipulate industrial processes through fake messages.
Likely Case
Data interception, message manipulation, or denial of service by redirecting MQTT traffic to attacker-controlled brokers.
If Mitigated
Limited impact with proper network segmentation and monitoring, though authentication bypass remains possible.
🎯 Exploit Status
Exploitation requires network access to intercept or redirect MQTT traffic. No authentication needed to force connections to malicious brokers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in the advisory; the vendor recommends updating to the latest version
Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
Restart Required: Yes
Instructions:
1. Update the Android Client application to the latest version from the official source.
2. Ensure the AppHub server is updated if required.
3. Restart the Android devices after the update.
🔧 Temporary Workarounds
Network Segmentation
Isolate the MQTT broker and Android clients on separate VLANs with strict firewall rules
VPN Enforcement
Require a VPN for all Android client connections to AppHub infrastructure
🧯 If You Can't Patch
- Implement network monitoring for unexpected MQTT broker connections
- Use certificate pinning or enforce TLS with proper certificate validation for MQTT connections
🔍 How to Verify
Check if Vulnerable:
Check the Android Client app version and verify whether it connects to the MQTT broker without certificate validation. Monitor network traffic for MQTT connections made without server authentication.
Check Version:
Check app version in Android settings > Apps > [App Name] > App info
Verify Fix Applied:
Verify the updated app version and test that MQTT connections require proper server authentication (certificate validation).
📡 Detection & Monitoring
Log Indicators:
- Failed certificate validation logs
- Unexpected MQTT broker connection attempts
- Authentication errors for MQTT connections
Network Indicators:
- Unencrypted MQTT traffic on port 1883
- MQTT connections to unexpected IP addresses
- Lack of TLS handshake for MQTT connections
SIEM Query:
source="network_traffic" protocol="mqtt" (dest_port=1883 OR dest_port=8883) AND NOT (tls_version=* OR ssl_handshake=success)
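As an added example that is not part of this advisory or of Bosch's own tooling, the following Python check applies the three network indicators above (plain MQTT on 1883, MQTT on 8883 without a completed TLS handshake, and connections to brokers outside an allow-list) to constructed flow records. The field names mirror the SIEM query; the broker allow-list and the sample addresses are assumptions.

```python
MQTT_PLAIN_PORT = 1883
MQTT_TLS_PORT = 8883

# Constructed sample flow records (not real traffic); field names follow the
# SIEM query above and the IPs are documentation-range placeholders.
SAMPLE_FLOWS = [
    {"src": "10.0.5.21", "dst": "192.0.2.10", "dest_port": 8883,
     "protocol": "mqtt", "tls_version": "TLSv1.2", "ssl_handshake": "success"},
    {"src": "10.0.5.22", "dst": "192.0.2.10", "dest_port": 1883,
     "protocol": "mqtt", "tls_version": None, "ssl_handshake": None},
    {"src": "10.0.5.23", "dst": "203.0.113.7", "dest_port": 8883,
     "protocol": "mqtt", "tls_version": "TLSv1.2", "ssl_handshake": "success"},
    {"src": "10.0.5.24", "dst": "192.0.2.10", "dest_port": 8883,
     "protocol": "mqtt", "tls_version": None, "ssl_handshake": "failed"},
    {"src": "10.0.5.25", "dst": "192.0.2.10", "dest_port": 443,
     "protocol": "https", "tls_version": "TLSv1.3", "ssl_handshake": "success"},
]


def flow_findings(flow: dict, expected_brokers: set) -> list:
    """Return the indicators one flow triggers; an empty list means no finding."""
    if flow.get("protocol") != "mqtt" or flow.get("dest_port") not in (MQTT_PLAIN_PORT, MQTT_TLS_PORT):
        return []  # not MQTT traffic: outside the scope of these indicators
    findings = []
    if flow["dest_port"] == MQTT_PLAIN_PORT:
        findings.append("unencrypted MQTT on port 1883")
    # On 8883 both a negotiated TLS version and a completed handshake are required.
    tls_ok = bool(flow.get("tls_version")) and flow.get("ssl_handshake") == "success"
    if flow["dest_port"] == MQTT_TLS_PORT and not tls_ok:
        findings.append("MQTT on port 8883 without a successful TLS handshake")
    # Assumed allow-list of legitimate AppHub broker addresses.
    if flow.get("dst") not in expected_brokers:
        findings.append(f"MQTT connection to unexpected broker {flow.get('dst')}")
    return findings


def flag_mqtt_flows(flows: list, expected_brokers: set) -> list:
    """Return (flow, findings) pairs for every flow that trips at least one indicator."""
    flagged = []
    for flow in flows:
        hits = flow_findings(flow, expected_brokers)
        if hits:
            flagged.append((flow, hits))
    return flagged


if __name__ == "__main__":
    for flow, hits in flag_mqtt_flows(SAMPLE_FLOWS, {"192.0.2.10"}):
        print(f"{flow['src']} -> {flow['dst']}:{flow['dest_port']}: {'; '.join(hits)}")
```

Feed it the flow export your collector produces and populate the allow-list with the AppHub broker addresses your clients are enrolled against.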