BOSCH-SA-274557: The OpenSSL Software Foundation has published information [1] for OpenSSL versions prior to 1.1.1i (1.1.1 – 1.1.1h) and 1.0.2x (1.0.2 – 1.0.2w) regarding a weakness in the `GENERAL_NAME_cmp` function. The vulnerability could allow an attacker to provoke a null pointer dereference, potentially leading to a denial of service. Multiple ...
BOSCH-SA-152060: The control systems IndraMotion MTX, MLC and MLD sold by Bosch Rexroth contain technology from CODESYS GmbH. The manufacturer published security bulletins [1], [2] about weaknesses in the communication interface of the PLC runtime. By exploiting these vulnerabilities, the control device can be put into a state in which ...
BOSCH-SA-387388: The PRC7000 welding timer sold by Bosch Rexroth AG contains a CODESYS Soft-PLC Runtime from 3S. The manufacturer published security reports [1] about several weaknesses. By exploiting those weaknesses, an attacker can cause denial-of-service conditions or acquire user credentials. The vulnerabilities affect all firmware versions up to 1.11.3, and ...