All CISA Advisories, EN

Bosch Rexroth IndraDrive

2024-11-07 18:11

1. EXECUTIVE SUMMARY

CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Bosch Rexroth
Equipment: IndraDrive
Vulnerability: Uncontrolled Resource Consumption

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Bosch Rexroth reports that the following versions of IndraDrive, servo drive system, are affected:

Bosch Rexroth AG IndraDrive FWA-INDRV*–MP*: 17VRS < 20V36

3.2 Vulnerability Overview

3.2.1 Uncontrolled Resource Consumption CWE-400

A vulnerability in the PROFINET stack implementation of the IndraDrive of Bosch Rexroth allows an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages.

CVE-2024-48989 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2024-48989. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Bosch Rexroth IndraDrive

Share this:
Facebook
X
LinkedIn

Related

Tags: All CISA Advisories EN

Post navigation

← Air fryers are the latest surveillance threat you didn’t consider

CISA Releases Three Industrial Control Systems Advisories →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

How Six Simple Habits Can Keep Your Computer Safe From Malware September 27, 2025

IT Security News Hourly Summary 2025-09-27 19h : 2 posts September 27, 2025

Mysterious “quantum echo” in superconductors could unlock new tech September 27, 2025

The Looming Authorization Crisis: Why Traditional IAM Fails Agentic AI September 27, 2025

Vendor Data Breaches and Their Business Impact September 27, 2025

Bengaluru Software Engineer Loses Rs 44 Lakh in Fake Stock Trading Scam September 27, 2025

ShadowLeak: Zero-Click ChatGPT Flaw Exposes Gmail Data to Silent Theft September 27, 2025

An App Used to Dox Charlie Kirk Critics Doxed Its Own Users Instead September 27, 2025

Embracing the AI Revolution: How to Incorporate Generative AI into Your SOC 2 Compliance Plan September 27, 2025

Inside the Nuclear Bunkers, Mines, and Mountains Being Retrofitted as Data Centers September 27, 2025

Researchers Expose Phishing Threats Distributing CountLoader and PureRAT September 27, 2025

China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks September 27, 2025

Hackers use Weaponized Microsoft Teams Installer to Compromise Systems With Oyster Malware September 27, 2025

Hunt for RedNovember: Beijing hacked critical orgs in year-long snooping campaign September 27, 2025

Hackers Use Fake Invoices to Spread XWorm RAT via Office Files September 27, 2025

New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads September 27, 2025

Malware Operators Collaborate With Covert North Korean IT Workers to Attack Corporate Organizations September 27, 2025

Apache Airflow Vulnerability Exposes Sensitive Details to Read-Only Users September 27, 2025

Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins September 27, 2025

Complete Guide to Understanding Risk-Based Authentication September 27, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}