Multiple safety vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B good nutrunners that, if efficiently exploited, may enable attackers to execute arbitrary code on affected methods.
Romanian cybersecurity agency Bitdefender, which found the flaw in Bosch BCC100 thermostats final August, mentioned the difficulty might be weaponized by an attacker to change the system firmware and implant a rogue model.
Tracked as CVE-2023-49722 (CVSS rating: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023.
“A community port 8899 is all the time open in BCC101/BCC102/BCC50 thermostat merchandise, which permits an unauthenticated connection from an area WiFi community,” the corporate mentioned in an advisory.
The challenge, at its core, impacts the WiFi microcontroller that acts as a community gateway for the thermostat’s logic microcontroller.
By exploiting the flaw, an attacker may ship instructions to the thermostat, together with writing a malicious replace to the system that would both render the system inoperable or act as a backdoor to smell visitors, pivot onto different units, and different nefarious actions.
Bosch has corrected the shortcoming in firmware model 4.13.33 by closing the port 8899, which it mentioned was used for debugging functions.
The German engineering and tech firm has additionally been made conscious of over two dozen flaws in Rexroth Nexo cordless nutrunners that an unauthenticated attacker may abuse to disrupt operations, tamper with vital configurations, and even set up ransomware.
“Given that the NXA015S-36V-B is licensed for safety-critical duties, an attacker may compromise the protection of the assembled product by inducing suboptimal tightening, or trigger injury to it as a consequence of extreme tightening,” Nozomi Networks mentioned.
The flaws, the operational expertise (OT) safety agency added, might be used to acquire distant execution of arbitrary code (RCE) with root privileges, and make the pneumatic torque wrench unusable by hijacking the onboard show and disabling the set off button to demand a ransom.
“Given the convenience with which this assault will be automated throughout quite a few units, an attacker may swiftly render all instruments on a manufacturing line inaccessible, probably inflicting vital disruptions to the ultimate asset proprietor,” the corporate added.
Patches for the vulnerabilities, which affect a number of NXA, NXP, and NXV collection units, are anticipated to be shipped by Bosch by the top of January 2024. In the interim, customers are advisable to restrict the community reachability of the system as a lot as attainable and evaluation accounts which have login entry to the system.
The growth comes as Pentagrid recognized a number of vulnerabilities in Lantronix EDS-MD IoT gateway for medical units, one which might be leveraged by a person with entry to the net interface to execute arbitrary instructions as root on the underlying Linux host.