A number of safety vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B sensible nutrunners that, if efficiently exploited, may enable attackers to execute arbitrary code on affected programs.
Romanian cybersecurity agency Bitdefender, which found the flaw in Bosch BCC100 thermostats final August, mentioned the difficulty might be weaponized by an attacker to change the system firmware and implant a rogue model.
Tracked as CVE-2023-49722 (CVSS rating: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023.
“A community port 8899 is at all times open in BCC101/BCC102/BCC50 thermostat merchandise, which permits an unauthenticated connection from an area WiFi community,” the corporate mentioned in an advisory.
The problem, at its core, impacts the WiFi microcontroller that acts as a community gateway for the thermostat’s logic microcontroller.
By exploiting the flaw, an attacker may ship instructions to the thermostat, together with writing a malicious replace to the system that would both render the system inoperable or act as a backdoor to smell visitors, pivot onto different gadgets, and different nefarious actions.
Bosch has corrected the shortcoming in firmware model 4.13.33 by closing the port 8899, which it mentioned was used for debugging functions.
The German engineering and tech firm has additionally been made conscious of over two dozen flaws in Rexroth Nexo cordless nutrunners that an unauthenticated attacker may abuse to disrupt operations, tamper with vital configurations, and even set up ransomware.
“On condition that the NXA015S-36V-B is licensed for safety-critical duties, an attacker may compromise the security of the assembled product by inducing suboptimal tightening, or trigger harm to it as a result of extreme tightening,” Nozomi Networks mentioned.
The issues, the operational know-how (OT) safety agency added, might be used to acquire distant execution of arbitrary code (RCE) with root privileges, and make the pneumatic torque wrench unusable by hijacking the onboard show and disabling the set off button to demand a ransom.
“Given the convenience with which this assault might be automated throughout quite a few gadgets, an attacker may swiftly render all instruments on a manufacturing line inaccessible, doubtlessly inflicting important disruptions to the ultimate asset proprietor,” the corporate added.
Patches for the vulnerabilities, which affect a number of NXA, NXP, and NXV sequence gadgets, are anticipated to be shipped by Bosch by the tip of January 2024. Within the interim, customers are beneficial to restrict the community reachability of the system as a lot as attainable and evaluation accounts which have login entry to the system.
The event comes as Pentagrid recognized a number of vulnerabilities in Lantronix EDS-MD IoT gateway for medical gadgets, one which might be leveraged by a consumer with entry to the net interface to execute arbitrary instructions as root on the underlying Linux host.