Bosch Rexroth ctrlX OS Task API Endpoint Improper Access Control Vulnerability
Vulnerability
A vulnerability exists in the Task API endpoint of the ctrlX OS setup mechanism, allowing remote, unauthenticated attackers to access and extract internal application data. This includes potential debug logs and information about the versions of installed applications.
Impact
Exploitation of this vulnerability could lead to unauthorized access to internal application data, including debug logs and details about installed application versions.
Remediation
An updated version of the affected component is available for all long-term supported (LTS) releases. Users are strongly recommended to update to the latest version. The update may require a reboot of the device, temporarily making it unavailable. To verify that the updated version is installed, check the version using the device's package management.
