CVE-2021-23857
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
04/10/2021
Last modified:
30/08/2022
Description
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l20_firmware:*:*:*:*:*:*:*:* | 12 (including) | |
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l20:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l40_firmware:*:*:*:*:*:*:*:* | 12 (including) | |
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l40:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l25_firmware:*:*:*:*:*:*:*:* | 12 (including) | |
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l25:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l45_firmware:*:*:*:*:*:*:*:* | 12 (including) | |
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l45:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l65_firmware:*:*:*:*:*:*:*:* | 12 (including) | |
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l65:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l75_firmware:*:*:*:*:*:*:*:* | 12 (including) | |
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l75:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:bosch:rexroth_indramotion_mlc_l85_firmware:*:*:*:*:*:*:*:* | 12 (including) | |
cpe:2.3:h:bosch:rexroth_indramotion_mlc_l85:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:bosch:rexroth_indramotion_mlc_xm22_firmware:*:*:*:*:*:*:*:* | 12 (including) |
To consult the complete list of CPE names with products and versions, see this page