Denial of Service on Rexroth Fieldbus Couplers

BOSCH-SA-757244

Advisory Information

Summary

Several fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin about a weakness in the web-based administration interface. A successful attack overloads the device and triggers the hardware watchdog. Process data then behaves according to the configured substitute value behavior. The bus coupler requires a manual restart (resetting the power supply, pressing the reset button or executing the SNMP reset command) to reestablish communication within the Industrial Ethernet (e.g. PROFINET IO, Modbus/TCP, EtherNet/IP).

Affected Products

  • Bosch Rexroth AG R-IL ETH BK DI8 DO4 2TX-PAC (R911171726)
    • CVE-2025-2813
      • Version(s): all versions
  • Bosch Rexroth AG S20-EIP-BK (R911173904)
    • CVE-2025-2813
      • Version(s): all versions
  • Bosch Rexroth AG S20-ETH-BK (R911173905)
    • CVE-2025-2813
      • Version(s): < 1.34
  • Bosch Rexroth AG S20-PN-BK+ (R911173359)
    • CVE-2025-2813
      • Version(s): all versions

Solution and Mitigations

Solution

A firmware update is available for the S20-ETH-BK bus coupler. It is strongly recommended to update to the latest version.

This advisory will be updated when updated firmware versions become available for the other bus couplers.

In the meantime, and in cases where a firmware update is not possible, please refer to the chapter "Mitigation".

Mitigation

  • If possible, protect your network by blocking access to port 80 on the affected devices.
  • If the use of scanners is mandatory for network security in closed production networks, it is recommended to exclude or disable denial of service tests that target port 80.
  • In general, when using the devices, it is strongly recommended to implement the measures for network segmentation described in the Bosch Rexroth Security Guideline Electric Drives and Controls [1].

Vulnerability Details

CVE-2025-2813

CVE description: An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.

Remarks

Security Update Information

With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:

It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.

Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.

CVSS Scoring

Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.

Revision History

  • 14 Aug 2025: Initial Publication