Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines

January 9, 2024 at 09:06AM

Researchers from Nozomi Networks have uncovered significant vulnerabilities in Bosch Rexroth nutrunners used in the automotive industry, potentially allowing hackers to gain control of these devices remotely. The more than two dozen security holes pose serious threats to operational and reputational integrity. Bosch Rexroth plans to address the flaws by January 2024.

Key takeaways:

– Nozomi Networks has identified vulnerabilities in Bosch Rexroth’s NXA015S-36V-B product, a cordless, handheld pneumatic torque wrench.

– These vulnerabilities can potentially be exploited by hackers for direct financial gain or to cause disruption or reputational damage to the targeted organization.

– The vulnerabilities include security holes in the management application of the NEXO-OS operating system and others related to communication protocols designed for integration with SCADA, PLC, and other systems.

– Exploiting these vulnerabilities could allow unauthenticated attackers to take complete control of a nutrunner, leading to potential scenarios such as ransomware attacks or changes to tightening program configurations, which could result in safety risks or defective product manufacturing.

– Nozomi Networks has assigned a total of 25 CVE identifiers to the flaws, with 11 of them having a ‘high severity’ rating.

– Bosch Rexroth has been informed about the vulnerabilities and plans to patch the flaws by the end of January 2024, with a security advisory already released.

– Nozomi Networks has withheld technical details from public disclosure in order to prevent malicious exploitation.
