FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
BOSCH-SA-428397
Advisory Information
- Advisory ID: BOSCH-SA-428397
- CVE Numbers and CVSS v3.1 Scores:
  - BOSCH-SA-428397#1 (CVE n/a)
    - Base Score: n/a
- Published: 30 Apr 2021
- Last Updated: 30 Apr 2021
Summary
On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.
Affected Products
- Rexroth R-IL ETH BK DI8 DO4 2TX-PAC
- Rexroth R-IL PN BK DI8 DO4-PAC
- Rexroth R-IL S3 BK DI8 DO4-PAC
- Rexroth S20-EC-BK < AD1
- Rexroth S20-EIP-BK < AC1
- Rexroth S20-ETH-BK < AC1
- Rexroth S20-PN-BK+ < AB1
- Rexroth S20-S3-BK+ < AE1
Solution and Mitigations
Compensatory Measures
If possible, protect your network by blocking access to FTP.
Apply DC Security Policy
When using the devices, it is strongly recommended to implement the measures for network segmentation described in the DC Security Policy (see “Security Guideline Electric Drives and Controls” [1]).
Vulnerability Details
BOSCH-SA-428397#1
On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.
- Problem Type: n/a
- CVSS Vector String: n/a
Remark
Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.
Additional Resources
- [1] Bosch Rexroth Security Guideline Electric Drives and Controls: https://www.boschrexroth.com/various/utilities/mediadirectory/download/index.jsp?object_nr=R911342562
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.
Revision History
- 30 Apr 2021: Initial Publication
Appendix
Bosch Rexroth Part Numbers for affected products
- Rexroth R911170875 - Rexroth R-IL S3 BK DI8 DO4-PAC
- Rexroth R911171726 - Rexroth R-IL ETH BK DI8 DO4 2TX-PAC
- Rexroth R911171944 - Rexroth R-IL PN BK DI8 DO4-PAC
- Rexroth R911173318 - Rexroth S20-S3-BK+
- Rexroth R911173359 - Rexroth S20-PN-BK+
- Rexroth R911173904 - Rexroth S20-EIP-BK
- Rexroth R911173905 - Rexroth S20-ETH-BK
- Rexroth R911173906 - Rexroth S20-EC-BK