Bosch Rexroth ctrlX OS Setup Web Application Backup Access Vulnerability
Vulnerability
A vulnerability exists in the web application of the ctrlX OS setup mechanism, allowing an authenticated, low-privileged attacker to remotely access backup archives created by users with elevated permissions. Depending on the backup's content, this could lead to exposure of sensitive data.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive data contained in backup archives.
Remediation
Users are strongly advised to update to the latest version of the ctrlX OS Setup app. After updating, the device may need to be rebooted, temporarily making it unavailable. To verify the update, check the version using the device's package management. If a backup has been created and downloaded, delete the backup file using the web interface.
