CVE-2023-48257

Summary

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.

Affected Software

VendorProductVersion RangeStatus
RexrothNexo cordless nutrunner NXA015S-36V (0608842001)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA030S-36V (0608842002)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA050S-36V (0608842003)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXP012QD-36V (0608842005)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA015S-36V-B (0608842006)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA030S-36V-B (0608842007)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA050S-36V-B (0608842008)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXP012QD-36V-B (0608842010)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA011S-36V (0608842011)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA011S-36V-B (0608842012)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA065S-36V (0608842013)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA065S-36V-B (0608842014)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXV012T-36V (0608842015)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXV012T-36V-B (0608842016)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2272)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2301)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2514)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2515)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2666)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2673)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected

Weaknesses

  • CWE-1391: n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References