CVE-2023-48253

Summary

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.

Affected Software

VendorProductVersion RangeStatus
RexrothNexo cordless nutrunner NXA015S-36V (0608842001)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA030S-36V (0608842002)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA050S-36V (0608842003)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXP012QD-36V (0608842005)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA015S-36V-B (0608842006)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA030S-36V-B (0608842007)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA050S-36V-B (0608842008)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXP012QD-36V-B (0608842010)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA011S-36V (0608842011)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA011S-36V-B (0608842012)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA065S-36V (0608842013)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA065S-36V-B (0608842014)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXV012T-36V (0608842015)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXV012T-36V-B (0608842016)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2272)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2301)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2514)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2515)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2666)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2673)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References