CVE-2023-45844

Summary

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).

Affected Software

VendorProductVersion RangeStatus
RexrothctrlX HMI Web Panel - WR21 (WR2107)allaffected
RexrothctrlX HMI Web Panel - WR21 (WR2110)allaffected
RexrothctrlX HMI Web Panel - WR21 (WR2115)allaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References