CVE-2023-41255

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication 
of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol  exposed on the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
boschrexrothctrlx_hmi_web_panel_wr2107_firmware
*
boschrexrothctrlx_hmi_web_panel_wr2110_firmware
*
boschrexrothctrlx_hmi_web_panel_wr2115_firmware
*
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
boschrexrothctrlx_hmi_web_panel_wr2107
𝑥
< *
ADP
boschrexrothctrlx_hmi_web_panel_wr2110
𝑥
< *
ADP
boschrexrothctrlx_hmi_web_panel_wr2115
𝑥
< *
ADP
Common Weakness Enumeration
References
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html