Bosch ctrlX OS Remote Command Execution Vulnerability in Remote Logging Functionality
Vulnerability
A vulnerability exists in the remote logging feature of the Bosch ctrlX OS web application. It allows a remote, authenticated, low-privileged attacker to execute arbitrary operating system commands as the root user by sending a crafted HTTP request. The vulnerability arises from improper handling of input, which enables command injection.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the operating system, with the commands being executed in the context of the root user.
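The advisory names the root cause (improper input handling leading to OS command injection) but the affected code is not on this page. The following Python is an added example and is not Bosch's ctrlX OS code: a hypothetical remote-logging handler that builds a `logger` command from a user-supplied host and port, shown first in the string-concatenation form that makes injection possible and then in an allow-list plus argv-list form that does not, followed by a defender's check over constructed access-log lines for requests whose host parameter fails the same allow-list. The endpoint path, parameter names, validation rule and log lines are all constructed for this example.

```python
import re
import subprocess
from typing import List
from urllib.parse import parse_qs, urlsplit

# Allow-list for a remote syslog target: a hostname or IPv4 literal made of
# dot-separated labels of letters, digits and hyphens. This rule is an
# assumption for the example, not taken from the advisory.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def unsafe_command(host: str, port: str) -> str:
    """Vulnerable pattern: request parameters concatenated into one shell string.

    If this string is handed to a shell (e.g. subprocess.run(..., shell=True)),
    any shell metacharacter inside `host` or `port` changes the command that runs.
    Returned as a string only so the flaw can be shown; never executed here.
    """
    return f"logger -n {host} -P {port} 'remote logging test'"


def safe_command(host: str, port: str) -> List[str]:
    """Hardened pattern: validate against an allow-list, then build an argv list.

    The list is executed without a shell, so every element reaches `logger`
    as a literal argument and no metacharacter is ever interpreted.
    """
    if not _HOST_RE.match(host):
        raise ValueError("invalid remote logging host")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("invalid remote logging port")
    return ["logger", "-n", host, "-P", port, "remote logging test"]


def run_safe(host: str, port: str) -> int:
    """Execute the validated argv directly (shell=False is the default)."""
    return subprocess.run(safe_command(host, port), check=False).returncode


# Constructed access-log lines for a hypothetical /remote-logging/config
# endpoint; line 1 carries a URL-encoded ';' in the host parameter.
LOG_LINES = [
    '10.0.0.7 - user1 [01/Jan/2024:10:00:01 +0000] '
    '"POST /remote-logging/config?host=syslog.example.local&port=514 HTTP/1.1" 200',
    '10.0.0.7 - user1 [01/Jan/2024:10:00:05 +0000] '
    '"POST /remote-logging/config?host=10.0.0.5%3Bid&port=514 HTTP/1.1" 200',
    '10.0.0.9 - user2 [01/Jan/2024:10:01:12 +0000] '
    '"POST /remote-logging/config?host=192.168.1.20&port=6514 HTTP/1.1" 200',
]

_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def flag_suspicious_requests(lines: List[str]) -> List[int]:
    """Return indices of log lines whose host/port parameters fail the allow-list.

    A request that fails the same validation the handler should apply is worth
    a closer look in incident review, whether or not the handler rejected it.
    """
    flagged = []
    for idx, line in enumerate(lines):
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group("target")).query)
        host = params.get("host", [""])[0]
        port = params.get("port", [""])[0]
        try:
            safe_command(host, port)
        except ValueError:
            flagged.append(idx)
    return flagged


if __name__ == "__main__":
    for i in flag_suspicious_requests(LOG_LINES):
        print("suspicious:", LOG_LINES[i])
```

The contrast is in where the boundary sits: `unsafe_command` lets the request body define part of the shell grammar, while `safe_command` fixes the grammar in code and lets the request supply only validated arguments. Running the same allow-list over access logs turns the fix into a detection, since any request that would have failed validation is visible after the fact.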
Remediation
Users are advised to update to the latest versions of the affected ctrlX OS applications. The update process may require a device reboot. To check if the updated versions are installed, use the device's package management system.
