CVE-2023-48247

Name of the Vulnerable Software and Affected Versions Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner (affected versions not specified)

Description The issue allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. This is due to weaknesses in the authorization procedure of the NEXO-OS operating system tools for production line maintenance.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.