CVE-2023-48261

Summary

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.

Affected Software

VendorProductVersion RangeStatus
RexrothNexo cordless nutrunner NXA015S-36V (0608842001)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA030S-36V (0608842002)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA050S-36V (0608842003)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXP012QD-36V (0608842005)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA015S-36V-B (0608842006)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA030S-36V-B (0608842007)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA050S-36V-B (0608842008)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXP012QD-36V-B (0608842010)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA011S-36V (0608842011)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA011S-36V-B (0608842012)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA065S-36V (0608842013)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXA065S-36V-B (0608842014)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXV012T-36V (0608842015)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo cordless nutrunner NXV012T-36V-B (0608842016)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2272)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2301)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2514)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2515)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2666)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected
RexrothNexo special cordless nutrunner (0608PE2673)NEXO-OS V1000-Release <= NEXO-OS V1500-SP2affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References