Bosch Rexroth ctrlX OS Proxy Functionality Vulnerability Allowing Unauthorized Manipulation of Environment File

Vulnerability

A vulnerability exists in the Proxy functionality of the web application in Bosch Rexroth ctrlX OS. This issue allows a remote authenticated (low-privileged) attacker to manipulate the '/etc/environment' file by sending a crafted HTTP request. The vulnerability arises from improper validation of input, which could be exploited to alter environment variables on the affected system.

Impact

Exploitation of this vulnerability allows for unauthorized modification of the '/etc/environment' file, potentially leading to arbitrary code execution with elevated privileges, as changes to this file can affect system-wide environment variables.
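To check a device for the kind of change described above, the following audit parses the contents of an environment file and reports entries that differ from a known-good baseline. It is an added example, not code from the advisory or from Bosch Rexroth; the variable lists, the allowed character set, the baseline and the sample file are all assumptions constructed for illustration.

```python
import re

# Assumption: variables that change which code a process loads or runs.
CODE_LOADING = {"PATH", "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT",
                "BASH_ENV", "ENV", "PYTHONPATH", "PERL5LIB"}
# Assumption: the only variables a proxy settings feature needs to write.
PROXY_VARS = {"http_proxy", "https_proxy", "ftp_proxy", "no_proxy", "all_proxy"}
# KEY=VALUE lines; an optional "export " prefix is tolerated.
LINE_RE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
# Conservative character set for proxy URLs and no_proxy host lists.
SAFE_PROXY = re.compile(r"[A-Za-z0-9:/.@,_\-\[\]%*]*")

def audit_environment(text, baseline=None):
    """Return (line_no, finding) pairs for the body of an environment file."""
    baseline = baseline or {}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append((no, "malformed line"))
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        if key in CODE_LOADING:
            if baseline.get(key) != value:
                findings.append((no, f"code-loading variable {key} set or changed"))
        elif key.lower() in PROXY_VARS:
            if not SAFE_PROXY.fullmatch(value):
                findings.append((no, f"{key} has unexpected characters"))
        elif baseline.get(key) != value:
            findings.append((no, f"unexpected or changed variable {key}"))
    return findings

# Constructed sample and baseline, not taken from a real device.
BASELINE = {"PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"}
SAMPLE = """# constructed sample
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
http_proxy="http://proxy.example:3128"
no_proxy="localhost,127.0.0.1"
LD_PRELOAD=/path/to/unknown.so
https_proxy="http://proxy.example:3128 extra"
FOO=bar
garbage line
"""

if __name__ == "__main__":
    for no, finding in audit_environment(SAMPLE, BASELINE):
        print(f"line {no}: {finding}")
```

On a real system, pass the contents of '/etc/environment' as `text` and a baseline recorded from a known-good installation.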

Remediation

Users are advised to update to the latest versions of the affected components. The update may require a device reboot. To check if the updated versions are installed, use the device's package management system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.