FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline

BOSCH-SA-428397

Advisory Information

  • Advisory ID: BOSCH-SA-428397
  • CVE Numbers and CVSS v3.1 Scores:
    • BOSCH-SA-428397#1 (CVE n/a)
      • Base Score: n/a
  • Published: 30 Apr 2021
  • Last Updated: 30 Apr 2021

Summary

On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.

Affected Products

  • Rexroth R-IL ETH BK DI8 DO4 2TX-PAC
  • Rexroth R-IL PN BK DI8 DO4-PAC
  • Rexroth R-IL S3 BK DI8 DO4-PAC
  • Rexroth S20-EC-BK < AD1
  • Rexroth S20-EIP-BK < AC1
  • Rexroth S20-ETH-BK < AC1
  • Rexroth S20-PN-BK+ < AB1
  • Rexroth S20-S3-BK+ < AE1

Solution and Mitigations

Compensatory Measures

If possible, protect your network by blocking access to FTP.

Apply DC Security Policy

When using the devices, it is strongly recommended to implement the measures for network segmentation described in the DC Security Policy (see “Security Guideline Electric Drives and Controls” [1]).

Vulnerability Details

BOSCH-SA-428397#1

On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.

  • Problem Type:
    • n/a
  • CVSS Vector String: n/a

Remark

Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.

Revision History

  • 30 Apr 2021: Initial Publication

Appendix

Bosch Rexroth Part Numbers for affected products

  • Rexroth R911170875 - Rexroth R-IL S3 BK DI8 DO4-PAC
  • Rexroth R911171726 - Rexroth R-IL ETH BK DI8 DO4 2TX-PAC
  • Rexroth R911171944 - Rexroth R-IL PN BK DI8 DO4-PAC
  • Rexroth R911173318 - Rexroth S20-S3-BK+
  • Rexroth R911173359 - Rexroth S20-PN-BK+
  • Rexroth R911173904 - Rexroth S20-EIP-BK
  • Rexroth R911173905 - Rexroth S20-ETH-BK
  • Rexroth R911173906 - Rexroth S20-EC-BK