CVE-2023-48243

8.1 HIGH

📋 TL;DR

This high-severity (CVSS 8.1) vulnerability allows remote attackers to write arbitrary files to arbitrary locations on affected Bosch Rexroth devices via crafted HTTP requests, which can be leveraged for remote code execution as root. It affects ctrlX CORE and ctrlX COREvirtual devices running ctrlX OS versions before 1.28.0.

💻 Affected Systems

Products:
  • Bosch Rexroth ctrlX CORE
  • Bosch Rexroth ctrlX COREvirtual
Versions: All versions before 1.28.0
Operating Systems: ctrlX OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web-based management interface of these industrial automation devices.

📦 What is this software?

ctrlX CORE is Bosch Rexroth's industrial automation controller; ctrlX COREvirtual is the virtual-machine variant of the same platform. Both run ctrlX OS and are administered through a web-based management interface, which is where this vulnerability lives.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root-level remote code execution, allowing attackers to install persistent backdoors, steal sensitive data, or disrupt industrial operations.

🟠 Likely Case: Remote code execution leading to data theft, system manipulation, or lateral movement within industrial networks.

🟢 If Mitigated: Limited impact if the device's web interface is reachable only from an isolated management network with strict firewall rules, and upload requests are filtered upstream.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP requests without authentication.
🏢 Internal Only: HIGH - Exploitable from any network segment with access to the device's web interface.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No authentication required; the attack consists of crafted HTTP requests to the file upload functionality, so no memory corruption or timing conditions are involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.28.0 or later

Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html

Restart Required: Yes

Instructions:

1. Download firmware version 1.28.0 or later from the Bosch Rexroth support portal.
2. Back up the device configuration.
3. Apply the firmware update via the web interface or the local update method.
4. Reboot the device after installation.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate affected devices in separate VLANs with strict firewall rules limiting HTTP/HTTPS access to the management network only.

Web Interface Restriction (linux)

Configure the firewall so that only the management subnet can reach the device web interface (typically port 443). Order matters: the ACCEPT rule for the trusted subnet must come before the catch-all DROP, or the administrators lock themselves out. 10.0.10.0/24 below is an example value; substitute your own management subnet.

iptables -A INPUT -p tcp --dport 443 -s 10.0.10.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation: the device web interface should be reachable only from a dedicated management network, never from the plant floor at large or from the internet
  • If a reverse proxy or web application firewall (WAF) fronts the device, add rules that block upload requests whose file name contains path separators, traversal sequences (".."), or executable extensions

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface under System > About. Versions before 1.28.0 are vulnerable.

Check Version:

curl -k https://device-ip/api/version 2>/dev/null | grep firmware

Verify Fix Applied:

Confirm firmware version is 1.28.0 or later in System > About page.
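The version check above is easy to get wrong in automation: comparing version strings lexically puts "1.8.0" after "1.28.0", which would mark a vulnerable device as fixed. The following added example (written for this page, not Bosch Rexroth's tooling) parses the version out of whatever text the device or the web interface returns and compares it numerically against 1.28.0. The surrounding text format and the sample strings are assumptions.

```python
import re

# First fixed version according to the vendor advisory cited on this page.
FIXED = (1, 28, 0)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract the first major.minor[.patch] tuple from arbitrary text.

    The patch component is optional; a missing one is treated as 0 so
    that "1.28" compares equal to "1.28.0".
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(text):
    """True when the version found in `text` is older than the fixed version."""
    return parse_version(text) < FIXED


def lexical_comparison_is_wrong(a="1.8.0", b="1.28.0"):
    # Demonstrates the pitfall: as strings "1.8.0" sorts after "1.28.0".
    return (a > b) and (parse_version(a) < parse_version(b))


if __name__ == "__main__":
    # Constructed sample strings, e.g. what a version banner might contain.
    for banner in ("ctrlX OS 1.20.3", "1.28.0", "firmware 2.0", "1.8.0"):
        print(f"{banner!r}: {'VULNERABLE' if is_vulnerable(banner) else 'fixed'}")
```

The function only tells you whether the reported version is below 1.28.0; it cannot tell you whether an update was applied but the device has not yet been rebooted, so keep the reboot step from the fix instructions in mind when interpreting a result.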

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activity in web server logs
  • HTTP POST requests to file upload endpoints with unusual filenames

Network Indicators:

  • HTTP requests with file upload parameters to device management interface
  • Unexpected outbound connections from device after exploitation

SIEM Query:

source="web_logs" dest_ip="device_ip" method="POST" url="*upload*" NOT file_extension IN ("jpg","png","pdf")

The query uses Splunk-style field names; map them to your own log schema. Note that the conditions are ANDed on purpose: an `OR method="POST"` clause would match every POST to the device, not just uploads.
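The log and network indicators above amount to a small rule set: POST or PUT requests to an upload endpoint whose file name contains a traversal sequence, an absolute path into a system directory, or an executable extension. The following added example (not part of the original page or of any Bosch tooling) implements those rules over constructed access-log lines in combined log format. The endpoint path, the `filename` query parameter, and the log lines are assumptions made for illustration; the real request shape depends on the affected app.

```python
import os
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format). These are NOT real
# device logs; the upload endpoint and the "filename" parameter are assumptions.
SAMPLE_LOGS = [
    '203.0.113.7 - - [12/Nov/2023:10:01:22 +0000] "POST /solutions/upload?filename=config.json HTTP/1.1" 200 512 "-" "ctrlX-Client/1.0"',
    '203.0.113.9 - - [12/Nov/2023:10:02:03 +0000] "POST /solutions/upload?filename=../../../../etc/cron.d/backdoor HTTP/1.1" 200 88 "-" "python-requests/2.31"',
    '198.51.100.4 - - [12/Nov/2023:10:02:40 +0000] "GET /solutions/list HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Nov/2023:10:03:11 +0000] "POST /solutions/upload?filename=%2Fhome%2Froot%2F.ssh%2Fauthorized_keys HTTP/1.1" 201 0 "-" "curl/8.4.0"',
    '203.0.113.9 - - [12/Nov/2023:10:03:50 +0000] "POST /solutions/upload?filename=run.sh HTTP/1.1" 200 120 "-" "curl/8.4.0"',
]

# Fields of the combined log format that the rules need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

EXEC_EXT = {".sh", ".py", ".pl", ".php", ".so", ".service"}
SENSITIVE_DIRS = ("/etc/", "/root/", "/home/", "/usr/", "/var/", "/bin/", "/sbin/", "/lib/")


def decode_target(target):
    """Split the request target into path and query, percent-decoding twice
    so that double-encoded traversal sequences (%252e%252e) are caught too."""
    parts = urlsplit(target)
    params = parse_qs(parts.query)  # parse_qs already decodes once
    return parts.path, {k: [unquote(v) for v in vals] for k, vals in params.items()}


def suspicious_reasons(filename):
    """Return the list of rules a requested file name trips (empty if benign)."""
    reasons = []
    segments = filename.replace("\\", "/").split("/")
    if ".." in segments:
        reasons.append("path traversal")
    if filename.startswith(SENSITIVE_DIRS):
        reasons.append("absolute path to system directory")
    ext = os.path.splitext(filename)[1].lower()
    if ext in EXEC_EXT:
        reasons.append(f"executable extension {ext}")
    return reasons


def scan(lines):
    """Apply the upload rules to access-log lines; return one alert per hit."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in ("POST", "PUT"):
            continue
        path, params = decode_target(m["target"])
        if "upload" not in path.lower():
            continue
        for name in params.get("filename", []):
            reasons = suspicious_reasons(name)
            if reasons:
                alerts.append({
                    "src": m["ip"], "time": m["ts"], "status": m["status"],
                    "filename": name, "reasons": reasons,
                })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(f"{alert['time']} {alert['src']} -> {alert['filename']!r}: {', '.join(alert['reasons'])}")
```

The rules are deliberately narrow so that normal configuration uploads (the first sample line) do not alert; a 2xx status on a flagged request is the strongest signal, since it means the server accepted the write. Feed the alerts into the same pipeline that tracks the "unexpected outbound connections" indicator so the two can be correlated by source address.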

🔗 References

  • Bosch PSIRT advisory BOSCH-SA-711465: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html
