ICSA-24-312-03 · Published 2024-11-07
Bosch Rexroth IndraDrive
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages.
CVEs (1)
Remediations
- Bosch Rexroth has fixed this vulnerability starting with FWA-INDRV-MP-20V36. Bosch Rexroth recommends updating as soon as possible.
- In use cases in which a device update is not possible or not feasible, Bosch Rexroth recommends compensatory measures which prevent or at least complicate taking advantage of the vulnerability. Always define such compensatory measures individually, in the context of the operational environment.
- Some possible measures are described in "Security Manual Electric Drives and Controls", like network segmentation. In general, it is highly recommended to implement the measures described in "Security Manual Drives and Controls".
- For more information, refer to the Bosch PSIRT Security Advisory BOSCH-SA-315415.
- Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: [email protected].
Affected Vendors
Bosch Rexroth
Affected Products (1)
Bosch Rexroth · Bosch Rexroth AG IndraDrive FWA-INDRV-MP: 17VRS<20V36
Affected Sectors
Critical Manufacturing