Bosch ctrlX OS Web Application Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the web application of Bosch ctrlX OS. This vulnerability allows a remote authenticated (low-privileged) attacker to disrupt the normal functioning of the device by sending multiple crafted HTTP requests. In severe cases, the device may require a full power cycle to restore control.
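Because the attacker described above is an authenticated user, the request pattern is attributable in the web front end's access log. The following added example (not part of the advisory and not Bosch code) flags bursts of requests per authenticated user and source IP with a sliding window; the log format, usernames, hosts and paths are constructed placeholders, and the real ctrlX OS log format is not stated on this page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-log-format line: client ip, ident, authenticated user, timestamp,
# request line, status, size. Assumed format; adapt to the device's real log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

def parse_line(line):
    """Return (ip, user, timestamp, method, path, status), or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], m["user"], ts, m["method"], m["path"], int(m["status"])

def find_bursts(lines, window_seconds=10, threshold=5):
    """Count requests per (user, ip) in a sliding window of window_seconds.
    Returns {(user, ip): peak_count} for keys whose peak reached threshold."""
    windows = defaultdict(deque)   # per key: timestamps inside the current window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                # skip lines that do not match the format
        ip, user, ts, _method, _path, _status = rec
        q = windows[(user, ip)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()             # drop timestamps that fell out of the window
        if len(q) >= threshold:
            peaks[(user, ip)] = max(peaks.get((user, ip), 0), len(q))
    return peaks

def _line(ip, user, sec, path, status):
    """Build a constructed sample log line at 10:00:<sec> on a fixed day."""
    return f'{ip} - {user} [01/Jan/2024:10:00:{sec:02d} +0000] "POST {path} HTTP/1.1" {status} 0'

# Constructed sample: a normal operator issuing three spaced requests, and a
# low-privileged account sending eight requests within eight seconds.
SAMPLE_LOG = (
    [_line("10.0.0.5", "operator", s, "/api/status", 200) for s in (0, 20, 40)]
    + [_line("10.0.0.9", "maint", s, "/api/endpoint-x", 500) for s in range(1, 9)]
)

if __name__ == "__main__":
    for (user, ip), peak in find_bursts(SAMPLE_LOG).items():
        print(f"burst: user={user} ip={ip} peak={peak} requests in window")
```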
Impact
Exploitation of this vulnerability leads to a denial-of-service condition on the affected device, causing it to become unresponsive. In the worst-case scenario, a full power cycle is required to regain control of the device.
Remediation
Users are strongly recommended to update to the latest versions of the affected components, which are available for all LTS releases. The update may require a reboot of the device, making it temporarily unavailable. To verify that the updated versions are installed, use the device's package management system.
