Bosch Rexroth ctrlX OS Certificates and Keys Functionality Arbitrary Certificate Write Vulnerability

Vulnerability

A vulnerability exists in the 'Certificates and Keys' feature of the Bosch Rexroth ctrlX OS web application. This vulnerability allows remote authenticated (low-privileged) attackers to write arbitrary certificates to any file system path by sending a crafted HTTP request.

Impact

Exploitation of this vulnerability could lead to unauthorized certificate installation, potentially allowing for man-in-the-middle attacks or other malicious activities that rely on fraudulent certificates.

Remediation

Users are advised to update to the latest versions of the affected ctrlX OS applications. The update may require a device reboot. To check if the updated versions are installed, use the device's package management system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.