Bosch Rexroth ctrlX OS Web Application Arbitrary Client-Side Code Execution Vulnerability
Vulnerability
A vulnerability exists in the 'Manages app data' feature of the Bosch Rexroth ctrlX OS web application, specifically in the Solutions component. This vulnerability allows a remote authenticated (low-privileged) attacker to execute arbitrary client-side code in the context of another user's browser. The issue is triggered through multiple crafted HTTP requests.
Impact
Successful exploitation results in script execution in the victim's browser, i.e. a cross-site scripting (XSS) attack, which can be leveraged for further client-side attacks such as session or action hijacking within the web application.
Remediation
Users are advised to update to the latest versions of the affected ctrlX OS applications. The update may require a device reboot. To check if the update was successful, verify the version using the device's package management system.
