Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs
- Advisory ID: BOSCH-SA-856281
- CVE Numbers and CVSS v3.1 Scores:
- Published: 13 Oct 2020
- Last Updated: 13 Oct 2020
Microsoft has published information  for several versions of Microsoft Windows XP, Microsoft Windows XP embedded, Microsoft Windows 7 and Microsoft Windows 7 Embedded Standard, regarding a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.
Rexroth Industrial PCs on these operating systems are affected by this vulnerability.
- Rexroth VEP15.6
- Rexroth VEP21.6
- Rexroth VEP30.5
- Rexroth VEP40.5
- Rexroth VEP50.5
- Rexroth VPB40.3
- Rexroth VPB40.4
- Rexroth VPP16
- Rexroth VPP40
- Rexroth VPP60
Solution and Mitigations
Microsoft has released patches closing this vulnerability , . It is recommended that the appropriate patch for the operating system should be installed in a timely manner, if possible.
In use cases in which a device update is not possible or not yet available, compensatory measures are recommended which prevent or at least complicate taking advantage of the vulnerability. Always define such compensatory measures individually, in the context of the operational environment. Some possible measures are described in the “Security Manual Electric Drives and Controls”, for example the network segmentation (please see ). In general, it is highly recommended to implement the measures described in the “Security Manual Drives and Controls”.
This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE description: A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.
- Problem Type:
CVSS Vector String:
- Base Score: 9.8 (Critical)
- Temporal Score: 9.4 (Critical)
Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.
-  Microsoft Advisory for CVE-2019-0708: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
-  Microsoft Update Catalog KB4500331 Windows XP: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4500331%20Windows%20XP
-  Microsoft Update Catalog KB4499175: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4499175
-  Bosch Rexroth Security Manual Electric Drives and Controls (German): https://www.boschrexroth.com/various/utilities/mediadirectory/download/index.jsp?object_nr=R911342561
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: firstname.lastname@example.org .
- 13 Oct 2020: Initial Publication