Romanian cybersecurity company Bitdefender discovered a flaw in the Bosch BCC100 thermostat in late August that would allow attackers to modify and implant rogue firmware. Although Bosch addressed this vulnerability in November, the company announced additional security vulnerabilities in the Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners. Attackers were able to send remote commands and malicious updates to thermostats as the network port 8899 was permanently open. Although a thermostat bug may seem innocuous, this vulnerability could enable attackers to pivot to other devices within a local WiFi network. Bosch patched this flaw in firmware version 4.13.33. Bosch also acknowledged multiple arbitrary code execution vulnerabilities in the Rexroth Nexo cordless nutrunners. Attackers could access the pneumatic torque wrench and install ransomware, disrupt its operation, and even display ransom messages on its onboard screen. Bosch stated it will ship patches for the NXA, NXP, and NXV series devices by the end of the month.
Read More:
https://thehackernews.com/2024/01/high-severity-flaws-uncovered-in-bosch.html