Bosch PSIRT

Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs

BOSCH-SA-856281

Advisory Information

Summary

Microsoft has published information [1] for several versions of Microsoft Windows XP, Microsoft Windows XP embedded, Microsoft Windows 7 and Microsoft Windows 7 Embedded Standard, regarding a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.

Rexroth Industrial PCs on these operating systems are affected by this vulnerability.

Affected Products

  • Rexroth VEP15.6
  • Rexroth VEP21.6
  • Rexroth VEP30.5
  • Rexroth VEP40.5
  • Rexroth VEP50.5
  • Rexroth VPB40.3
  • Rexroth VPB40.4
  • Rexroth VPP16
  • Rexroth VPP40
  • Rexroth VPP60

Solution and Mitigations

Software Update

Microsoft has released patches closing this vulnerability [2], [3]. It is recommended that the appropriate patch for the operating system should be installed in a timely manner, if possible.

Compensatory Measures

In use cases in which a device update is not possible or not yet available, compensatory measures are recommended which prevent or at least complicate taking advantage of the vulnerability. Always define such compensatory measures individually, in the context of the operational environment. Some possible measures are described in the “Security Manual Electric Drives and Controls”, for example the network segmentation (please see [4]). In general, it is highly recommended to implement the measures described in the “Security Manual Drives and Controls”.

Vulnerability Details

CVE-2019-0708

This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

CVE description: A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.

Remark

Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com .

Revision History

  • 13 Oct 2020: Initial Publication