A number of safety vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B good nutrunners that, if efficiently exploited, may permit attackers to execute arbitrary code on affected programs.
Romanian cybersecurity agency Bitdefender, which found the flaw in Bosch BCC100 thermostats final August, mentioned the problem might be weaponized by an attacker to change the system firmware and implant a rogue model.
Tracked as CVE-2023-49722 (CVSS rating: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023.
“A community port 8899 is at all times open in BCC101/BCC102/BCC50 thermostat merchandise, which permits an unauthenticated connection from an area WiFi community,” the corporate mentioned in an advisory.
The difficulty, at its core, impacts the WiFi microcontroller that acts as a community gateway for the thermostat’s logic microcontroller.
By exploiting the flaw, an attacker may ship instructions to the thermostat, together with writing a malicious replace to the system that would both render the system inoperable or act as a backdoor to smell visitors, pivot onto different gadgets, and different nefarious actions.
Bosch has corrected the shortcoming in firmware model 4.13.33 by closing the port 8899, which it mentioned was used for debugging functions.
The German engineering and tech firm has additionally been made conscious of over two dozen flaws in Rexroth Nexo cordless nutrunners that an unauthenticated attacker may abuse to disrupt operations, tamper with important configurations, and even set up ransomware.
“On condition that the NXA015S-36V-B is licensed for safety-critical duties, an attacker may compromise the security of the assembled product by inducing suboptimal tightening, or trigger injury to it as a consequence of extreme tightening,” Nozomi Networks mentioned.
The failings, the operational know-how (OT) safety agency added, might be used to acquire distant execution of arbitrary code (RCE) with root privileges, and make the pneumatic torque wrench unusable by hijacking the onboard show and disabling the set off button to demand a ransom.
“Given the convenience with which this assault will be automated throughout quite a few gadgets, an attacker may swiftly render all instruments on a manufacturing line inaccessible, doubtlessly inflicting vital disruptions to the ultimate asset proprietor,” the corporate added.
Patches for the vulnerabilities, which impression a number of NXA, NXP, and NXV collection gadgets, are anticipated to be shipped by Bosch by the tip of January 2024. Within the interim, customers are really helpful to restrict the community reachability of the system as a lot as attainable and evaluate accounts which have login entry to the system.
The event comes as Pentagrid recognized a number of vulnerabilities in Lantronix EDS-MD IoT gateway for medical gadgets, one which might be leveraged by a person with entry to the net interface to execute arbitrary instructions as root on the underlying Linux host.