Learn about CVE-2021-23858, impacting Bosch Rexroth IndraMotion MLC series, exposing sensitive user and device details. Explore the severity, affected products, and mitigation steps.
A detailed overview of CVE-2021-23858, focusing on the information disclosure vulnerability affecting the Bosch Rexroth IndraMotion MLC series.
Understanding CVE-2021-23858
This CVE pertains to an information disclosure vulnerability impacting multiple versions of the IndraMotion MLC series manufactured by Rexroth.
What is CVE-2021-23858?
The vulnerability exposes sensitive information, such as user credentials and device details, via unprotected web server resources without requiring authentication.
The Impact of CVE-2021-23858
With a CVSS base score of 8.6, this issue has a high severity level, allowing unauthorized actors to access confidential information.
Technical Details of CVE-2021-23858
This section examines the specific technical aspects of the vulnerability in greater detail.
Vulnerability Description
The vulnerable versions of the IndraMotion MLC series expose crucial configuration data and device details through unprotected web server resources.
Affected Systems and Versions
Products like IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41, and XM42 IndraControl XLC with version 12 VRS are affected.
Exploitation Mechanism
The vulnerability can be exploited over a network with low attack complexity, impacting confidentiality but not integrity or availability.
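The metrics stated above (network vector, low complexity, no authentication, confidentiality-only impact) do not by themselves fix the 8.6 base score. The following added example, which is not part of the original advisory, assumes CVSS v3.1 scoring and enumerates the metrics the page leaves open (User Interaction, Scope, and the confidentiality level) to show which combination yields 8.6:

```python
import math
from itertools import product

# CVSS v3.1 metric weights (FIRST specification). The CVSS version is an
# assumption; PR:N is taken from "without requiring authentication".
AV_NETWORK, AC_LOW, PR_NONE = 0.85, 0.77, 0.85
UI = {"N": 0.85, "R": 0.62}
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}

def roundup(value):
    """CVSS v3.1 Roundup: smallest one-decimal number >= value, float-safe."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0

def base_score(ui, scope, conf, integ="N", avail="N"):
    """Base score for AV:N/AC:L/PR:N plus the given remaining metrics."""
    iss = 1 - (1 - CIA[conf]) * (1 - CIA[integ]) * (1 - CIA[avail])
    if scope == "C":
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    if impact <= 0:
        return 0.0
    exploitability = 8.22 * AV_NETWORK * AC_LOW * PR_NONE * UI[ui]
    total = impact + exploitability
    if scope == "C":
        total *= 1.08  # scope-changed multiplier
    return roundup(min(total, 10))

def candidates(target=8.6):
    """Enumerate the open metrics; return the vectors that match the target."""
    hits = []
    for ui, scope, conf in product("NR", "UC", "HL"):
        if base_score(ui, scope, conf) == target:
            hits.append(
                f"CVSS:3.1/AV:N/AC:L/PR:N/UI:{ui}/S:{scope}/C:{conf}/I:N/A:N")
    return hits

if __name__ == "__main__":
    for ui, scope, conf in product("NR", "UC", "HL"):
        print(f"UI:{ui} S:{scope} C:{conf} -> {base_score(ui, scope, conf)}")
    print("matches 8.6:", candidates())
```

Under these assumptions only high confidentiality impact with no user interaction and a changed scope reaches 8.6; the same vector with unchanged scope scores 7.5.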
Mitigation and Prevention
This section gives guidelines on immediate and long-term measures to mitigate the risks posed by CVE-2021-23858.
Immediate Steps to Take
Users are advised to apply security patches and restrict unauthorized access to web server resources exposing sensitive information.
Long-Term Security Practices
Implement secure authentication mechanisms, regularly update firmware versions, and monitor for unauthorized access.
Patching and Updates
Ensure timely installation of patches released by Bosch Rexroth to address the information disclosure vulnerability.