CVE-2025-24349
📋 TL;DR
This vulnerability allows an authenticated, low-privileged attacker to delete physical network interface configurations on ctrlX OS web applications via crafted HTTP requests. It affects systems running vulnerable versions of ctrlX OS with network interface functionality enabled. An attacker can disrupt network connectivity and potentially cause a denial of service.
💻 Affected Systems
- ctrlX OS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete network disruption leading to denial of service, loss of remote management capabilities, and potential cascading failures in industrial control systems.
Likely Case
Temporary network outages requiring manual reconfiguration, disruption of operational technology communications, and potential production downtime.
If Mitigated
Minimal impact with proper network segmentation, monitoring, and access controls preventing unauthorized configuration changes.
🎯 Exploit Status
Requires authenticated access, but only low privileges are needed; exploitation consists of a crafted HTTP request to a specific endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ctrlX OS 2.0.0
Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html
Restart Required: Yes
Instructions:
1. Download ctrlX OS 2.0.0 from official Bosch sources.
2. Back up the current configuration.
3. Apply the update through the ctrlX OS management interface.
4. Restart the system.
5. Verify that network interfaces are functioning correctly.
🔧 Temporary Workarounds
Network Access Restriction
Restrict access to the ctrlX OS web interface to trusted networks only (Linux). Replace TRUSTED_NETWORK with the management network in CIDR notation; because iptables evaluates rules in order, make sure no earlier rule already accepts traffic to this port, or these appended rules will never be reached:
# Accept HTTPS only from the trusted network, then drop all other traffic to the web interface
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_NETWORK -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
User Privilege Reduction
Review and minimize user accounts with web interface access (all platforms)
🧯 If You Can't Patch
- Implement strict network segmentation to isolate ctrlX OS systems from untrusted networks
- Enable detailed logging and monitoring for network configuration changes and implement alerting
🔍 How to Verify
Check if Vulnerable:
Check the ctrlX OS version via the web interface or CLI. Versions prior to 2.0.0 are vulnerable.
Check Version:
grep VERSION /etc/os-release
Verify Fix Applied:
Verify that the system is running ctrlX OS 2.0.0 or later, and confirm that attempts by a low-privileged account to delete a network interface configuration are rejected.
📡 Detection & Monitoring
Log Indicators:
- HTTP POST/PUT/DELETE requests to network interface configuration endpoints
- Unauthorized configuration changes to network interfaces
- Failed authentication attempts followed by configuration changes
Network Indicators:
- Unusual HTTP traffic patterns to ctrlX OS web interface
- Sudden network interface configuration changes
SIEM Query:
source="ctrlx_os" AND (http_method="DELETE" OR http_method="POST") AND uri="/api/network/interfaces/*"
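The log indicators above, turned into a small detector as an added example (not code from this page or from Bosch). It assumes a constructed log format of "time user status method uri" and uses the endpoint pattern from the SIEM query; it flags write requests to network interface endpoints and escalates when the same user had failed logins shortly beforehand.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed format: "<ISO time> <user> <status> <method> <uri>".
# The path pattern follows the SIEM query on this page; ctrlX OS's real log format is not assumed.
SAMPLE_LOG = """\
2025-03-01T10:00:01Z operator 200 GET /api/network/interfaces
2025-03-01T10:00:05Z guest 401 POST /auth/login
2025-03-01T10:00:07Z guest 401 POST /auth/login
2025-03-01T10:00:12Z guest 200 POST /auth/login
2025-03-01T10:00:20Z guest 200 DELETE /api/network/interfaces/eth0
2025-03-01T10:05:00Z admin 200 PUT /api/network/interfaces/eth1
2025-03-01T10:06:00Z operator 200 GET /api/network/interfaces/eth1
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3}) (GET|POST|PUT|DELETE) (\S+)$")
CONFIG_PATH_RE = re.compile(r"^/api/network/interfaces(/|$)")  # from the page's SIEM query
WRITE_METHODS = {"POST", "PUT", "DELETE"}  # the methods listed under Log Indicators

def parse(log_text):
    """Parse lines in the assumed format into event dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, status, method, uri = m.groups()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user,
                       "status": int(status), "method": method, "uri": uri})
    return events

def detect(log_text, window=timedelta(minutes=5)):
    """Return (time, user, method, uri, severity) for write requests to interface endpoints.
    Severity is 'high' when the user had a 401 within `window` before the change."""
    failed_logins = defaultdict(list)  # user -> timestamps of 401 responses
    alerts = []
    for ev in parse(log_text):
        if ev["status"] == 401:
            failed_logins[ev["user"]].append(ev["ts"])
            continue
        if ev["method"] in WRITE_METHODS and CONFIG_PATH_RE.match(ev["uri"]):
            recent = [t for t in failed_logins[ev["user"]] if ev["ts"] - t <= window]
            severity = "high" if recent else "medium"
            alerts.append((ev["ts"].isoformat(), ev["user"], ev["method"], ev["uri"], severity))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```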