Bosch Rexroth ctrlX OS Backup Encryption Misrepresentation Vulnerability
Vulnerability
A vulnerability exists in the Bosch Rexroth ctrlX OS Setup web interface, where unclear language may lead users to mistakenly believe that backup files are encrypted when a password is applied. In reality, only the private key—if included in the backup—is encrypted, leaving the backup file itself unprotected. This issue affects ctrlX OS versions 1.20.0 to 1.20.1, 2.6.0 to 2.6.1, and 3.6.0 to 3.6.2.
Impact
Users may unintentionally expose unencrypted backup files, potentially leading to unauthorized access to sensitive information, especially if private keys are involved.
Remediation
Users are advised to update to the latest version of the ctrlX OS Setup app. If an immediate update is not possible, and encryption is needed for backup files, use an external program to encrypt the backup file after downloading it.
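Before relying on the Setup app's password, it is worth checking what the downloaded backup actually is: a file that still opens as an ordinary archive is exactly the exposure the advisory describes, whatever was encrypted inside it. The script below is an added example, not Bosch Rexroth code. The advisory does not state the backup container format, so the check looks for generic archive signatures (gzip, zip, xz, bzip2, zstd, tar) and byte entropy; the sample backup it builds is a constructed tar.gz stand-in, and the "ciphertext" stand-in is simply a flat byte distribution, not output of any cipher.

```python
"""Sanity check for a downloaded backup: is the file itself encrypted,
or just an archive whose members are readable without any key?

Added example, not Bosch Rexroth code. The advisory does not state the
ctrlX backup container format (assumption: it is a common archive type),
so this checks generic archive signatures; the sample backup built below
is a constructed stand-in, not a real ctrlX backup.
"""
import io
import math
import tarfile
from collections import Counter

# (offset, magic bytes, name) for common plaintext containers. Any hit means the
# file is readable without a key, regardless of what was "encrypted" inside it.
SIGNATURES = [
    (0, b"\x1f\x8b", "gzip"),
    (0, b"PK\x03\x04", "zip"),
    (0, b"\xfd7zXZ\x00", "xz"),
    (0, b"BZh", "bzip2"),
    (0, b"\x28\xb5\x2f\xfd", "zstd"),
    (257, b"ustar", "tar"),
]

SAMPLE_BYTES = 4096  # how much of the file the entropy estimate looks at


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0..8) of a byte string."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def identify_container(data: bytes):
    """Return the matching container name, or None if no known signature is present."""
    for offset, magic, name in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return name
    return None


def list_members(data: bytes):
    """Member names if the data is a (possibly compressed) tar that opens without a key."""
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            return tar.getnames()
    except (tarfile.TarError, OSError):
        return None


def assess_backup(data: bytes) -> dict:
    """Classify a backup blob. Signature check comes first: a compressed archive
    also has near-8-bit entropy, so entropy alone would mistake a tar.gz for
    ciphertext. 'looks_encrypted' only means no obvious plaintext container."""
    container = identify_container(data)
    entropy = round(shannon_entropy(data[:SAMPLE_BYTES]), 2)
    return {
        "container": container,
        "entropy": entropy,
        "members": list_members(data),
        "looks_encrypted": container is None and entropy > 7.5,
    }


def assess_backup_file(path: str) -> dict:
    """Same check against a file on disk, e.g. a backup downloaded from the Setup app."""
    with open(path, "rb") as fh:
        return assess_backup(fh.read())


def build_sample_backup(compress: bool = True) -> bytes:
    """Constructed stand-in for an unencrypted backup: a (gzipped) tar holding a
    config file and a placeholder private key. Not a real ctrlX backup."""
    members = {
        "config.json": b'{"device": "ctrlX", "backup_password_set": true}\n',
        "private_key.pem": b"-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz" if compress else "w") as tar:
        for name, body in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def build_ciphertext_stand_in() -> bytes:
    """Constructed stand-in for how a properly encrypted file looks from the outside:
    no recognizable header and a flat byte distribution (8.0 bits/byte). Not real ciphertext."""
    return bytes(range(256)) * (SAMPLE_BYTES // 256)


if __name__ == "__main__":
    print("backup with Setup-app password:", assess_backup(build_sample_backup()))
    print("externally encrypted backup:    ", assess_backup(build_ciphertext_stand_in()))
```

Run `assess_backup_file("backup.bin")` on the file you downloaded: a result with a `container` name and a non-empty `members` list is the unprotected case from this advisory, even if a password was set. After encrypting the file with an external tool, as the remediation suggests (for example `gpg --symmetric` or `openssl enc -aes-256-cbc -pbkdf2`), rerun the check; a pass only rules out the obvious failure of a readable archive, it does not prove the encryption is sound.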
