Bosch 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、パス処理の欠陥、バッファオーバーフロー, and vendor risk memory corruption があり、vendor surface software deployment の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-60038 | A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks. | [email protected] | 7.8 | 0.16% | 2026-02-18 | 2026-02-24 |
| CVE-2025-60037 | A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks. | [email protected] | 7.8 | 0.16% | 2026-02-18 | 2026-02-24 |
| CVE-2025-60036 | A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead | [email protected] | 7.8 | 0.16% | 2026-02-18 | 2026-02-24 |
| CVE-2025-60035 | A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lea | [email protected] | 7.8 | 0.16% | 2026-02-18 | 2026-02-24 |
| CVE-2023-48266 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | [email protected] | 8.1 | 1.74% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48265 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | [email protected] | 8.1 | 1.74% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48264 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | [email protected] | 8.1 | 1.74% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48263 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | [email protected] | 8.1 | 1.74% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48262 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | [email protected] | 8.1 | 1.74% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48261 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | [email protected] | 5.3 | 0.24% | 2024-01-10 | 2025-06-03 |
| CVE-2023-48260 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | [email protected] | 5.3 | 0.24% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48259 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | [email protected] | 5.3 | 0.24% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48258 | The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. | [email protected] | 5.5 | 0.44% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48257 | The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request. | [email protected] | 7.8 | 0.64% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48256 | The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. | [email protected] | 5.3 | 0.32% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48255 | The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log. | [email protected] | 6.3 | 0.15% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48254 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. | [email protected] | 5.3 | 0.06% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48253 | The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts. | [email protected] | 8.8 | 0.81% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48252 | The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | [email protected] | 8.8 | 0.68% | 2024-01-10 | 2024-11-21 |
| CVE-2023-48251 | The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. | [email protected] | 8.1 | 3.32% | 2024-01-10 | 2024-11-21 |