10 vulnerabilities by Bosch Rexroth
CVE-2025-60035 (GCVE-0-2025-60035)
Vulnerability from nvd – Published: 2026-02-18 14:01 – Updated: 2026-02-18 14:41
- CWE-502 - Deserialization of Untrusted Data

| URL | Tags |
|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html | vendor-advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| Bosch Rexroth | IndraWorks | Affected: 0, < 15V24 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:41:48.116030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:41:54.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IndraWorks",
"vendor": "Bosch Rexroth",
"versions": [
{
"lessThan": "15V24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability\u00a0has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:01:59.030Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-60035",
"datePublished": "2026-02-18T14:01:59.030Z",
"dateReserved": "2025-09-25T12:06:05.896Z",
"dateUpdated": "2026-02-18T14:41:54.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60038 (GCVE-0-2025-60038)
Vulnerability from nvd – Published: 2026-02-18 14:03 – Updated: 2026-02-18 14:23
- CWE-502 - Deserialization of Untrusted Data

| URL | Tags |
|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html | vendor-advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| Bosch Rexroth | IndraWorks | Affected: all | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:23:09.634940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:23:44.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IndraWorks",
"vendor": "Bosch Rexroth",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability\u00a0has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:03:49.403Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-60038",
"datePublished": "2026-02-18T14:03:49.403Z",
"dateReserved": "2025-09-25T12:06:05.896Z",
"dateUpdated": "2026-02-18T14:23:44.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60037 (GCVE-0-2025-60037)
Vulnerability from nvd – Published: 2026-02-18 14:03 – Updated: 2026-02-18 14:34
- CWE-502 - Deserialization of Untrusted Data

| URL | Tags |
|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html | vendor-advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| Bosch Rexroth | IndraWorks | Affected: all | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:33:58.525366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:34:07.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IndraWorks",
"vendor": "Bosch Rexroth",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability\u00a0has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:03:19.807Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-60037",
"datePublished": "2026-02-18T14:03:19.807Z",
"dateReserved": "2025-09-25T12:06:05.896Z",
"dateUpdated": "2026-02-18T14:34:07.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60036 (GCVE-0-2025-60036)
Vulnerability from nvd – Published: 2026-02-18 14:02 – Updated: 2026-02-18 14:41
- CWE-502 - Deserialization of Untrusted Data

| URL | Tags |
|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html | vendor-advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| Bosch Rexroth | IndraWorks | Affected: 0, < 15V24 (custom) | |
| Bosch Rexroth | UA.Testclient | Affected: 0, < 2.9.0 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:41:16.480158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:41:24.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IndraWorks",
"vendor": "Bosch Rexroth",
"versions": [
{
"lessThan": "15V24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "UA.Testclient",
"vendor": "Bosch Rexroth",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:02:37.184Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-60036",
"datePublished": "2026-02-18T14:02:37.184Z",
"dateReserved": "2025-09-25T12:06:05.896Z",
"dateUpdated": "2026-02-18T14:41:24.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60038 (GCVE-0-2025-60038)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:03 – Updated: 2026-02-18 14:23
- CWE-502 - Deserialization of Untrusted Data

| URL | Tags |
|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html | vendor-advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| Bosch Rexroth | IndraWorks | Affected: all | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:23:09.634940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:23:44.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IndraWorks",
"vendor": "Bosch Rexroth",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability\u00a0has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:03:49.403Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-60038",
"datePublished": "2026-02-18T14:03:49.403Z",
"dateReserved": "2025-09-25T12:06:05.896Z",
"dateUpdated": "2026-02-18T14:23:44.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60037 (GCVE-0-2025-60037)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:03 – Updated: 2026-02-18 14:34
- CWE-502 - Deserialization of Untrusted Data

| URL | Tags |
|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html | vendor-advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| Bosch Rexroth | IndraWorks | Affected: all | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:33:58.525366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:34:07.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IndraWorks",
"vendor": "Bosch Rexroth",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability\u00a0has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:03:19.807Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-60037",
"datePublished": "2026-02-18T14:03:19.807Z",
"dateReserved": "2025-09-25T12:06:05.896Z",
"dateUpdated": "2026-02-18T14:34:07.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60036 (GCVE-0-2025-60036)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:02 – Updated: 2026-02-18 14:41
- CWE-502 - Deserialization of Untrusted Data

| URL | Tags |
|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html | vendor-advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| Bosch Rexroth | IndraWorks | Affected: 0, < 15V24 (custom) | |
| Bosch Rexroth | UA.Testclient | Affected: 0, < 2.9.0 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:41:16.480158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:41:24.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IndraWorks",
"vendor": "Bosch Rexroth",
"versions": [
{
"lessThan": "15V24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "UA.Testclient",
"vendor": "Bosch Rexroth",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:02:37.184Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-60036",
"datePublished": "2026-02-18T14:02:37.184Z",
"dateReserved": "2025-09-25T12:06:05.896Z",
"dateUpdated": "2026-02-18T14:41:24.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60035 (GCVE-0-2025-60035)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:01 – Updated: 2026-02-18 14:41
- CWE-502 - Deserialization of Untrusted Data

| URL | Tags |
|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html | vendor-advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| Bosch Rexroth | IndraWorks | Affected: 0, < 15V24 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T14:41:48.116030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:41:54.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IndraWorks",
"vendor": "Bosch Rexroth",
"versions": [
{
"lessThan": "15V24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability\u00a0has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:01:59.030Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-60035",
"datePublished": "2026-02-18T14:01:59.030Z",
"dateReserved": "2025-09-25T12:06:05.896Z",
"dateUpdated": "2026-02-18T14:41:54.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201607-0381
Vulnerability from variot - Updated: 2023-12-18 12:44

Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rexroth Bosch BLADEcontrol is a web-based HMI (Human Machine Interface) system from Rexroth Bosch, Germany. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0381",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bladecontrol-webvis",
"scope": "lte",
"trust": 1.0,
"vendor": "bosch",
"version": "3.0.2"
},
{
"model": "bosch bladecontrol",
"scope": "lte",
"trust": 0.8,
"vendor": "rexroth",
"version": "\u003c=3.0.2"
},
{
"model": "bladecontrol-webvis",
"scope": "lte",
"trust": 0.8,
"vendor": "bosch rexroth",
"version": "3.0.2"
},
{
"model": "bladecontrol-webvis",
"scope": "eq",
"trust": 0.6,
"vendor": "rexroth",
"version": "3.0.2"
},
{
"model": "bosch bladecontrol-webvis",
"scope": "eq",
"trust": 0.3,
"vendor": "rexroth",
"version": "3.0.2"
}
],
"sources": [
{
"db": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
},
{
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"db": "NVD",
"id": "CVE-2016-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bosch:bladecontrol-webvis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4508"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "91572"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
],
"trust": 0.9
},
"cve": "CVE-2016-4508",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4508",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04593",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4508",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4508",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-04593",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-025",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
},
{
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"db": "NVD",
"id": "CVE-2016-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rexroth Bosch BLADEcontrol is a web-based HMI (Human Machine Interface) system from Rexroth Bosch, Germany. \nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4508"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4508",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-187-01",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2016-04593",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-025",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003494",
"trust": 0.8
},
{
"db": "BID",
"id": "91572",
"trust": 0.3
},
{
"db": "IVD",
"id": "76FB0F44-9EA6-40E7-AC92-C08A9D8AC261",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
},
{
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"db": "NVD",
"id": "CVE-2016-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
]
},
"id": "VAR-201607-0381",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
},
{
"db": "CNVD",
"id": "CNVD-2016-04593"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
},
{
"db": "CNVD",
"id": "CNVD-2016-04593"
}
]
},
"last_update_date": "2023-12-18T12:44:51.053000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.boschrexroth.com/"
},
{
"title": "Patch for Rexroth Bosch BLADEcontrol Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/78678"
},
{
"title": "Rexroth Bosch BLADEcontrol Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=62618"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"db": "NVD",
"id": "CVE-2016-4508"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-187-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4508"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4508"
},
{
"trust": 0.3,
"url": "https://www.boschrexroth.com/en/xc/home/index"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"db": "NVD",
"id": "CVE-2016-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
},
{
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"db": "NVD",
"id": "CVE-2016-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-07T00:00:00",
"db": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
},
{
"date": "2016-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"date": "2016-07-05T00:00:00",
"db": "BID",
"id": "91572"
},
{
"date": "2016-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"date": "2016-07-06T14:59:03.487000",
"db": "NVD",
"id": "CVE-2016-4508"
},
{
"date": "2016-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"date": "2016-07-05T00:00:00",
"db": "BID",
"id": "91572"
},
{
"date": "2016-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003494"
},
{
"date": "2022-10-06T18:56:50.957000",
"db": "NVD",
"id": "CVE-2016-4508"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rexroth Bosch BLADEcontrol Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
},
{
"db": "CNVD",
"id": "CNVD-2016-04593"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-025"
}
],
"trust": 0.6
}
}
VAR-201607-0380
Vulnerability from variot - Updated: 2023-12-18 12:44
SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rexroth Bosch BLADEcontrol is a web-based HMI system. Rexroth Bosch BLADEcontrol-WebVIS is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Rexroth Bosch BLADEcontrol-WebVIS versions 3.0.2 and earlier are vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bladecontrol-webvis",
"scope": "lte",
"trust": 1.0,
"vendor": "bosch",
"version": "3.0.2"
},
{
"model": "bladecontrol-webvis",
"scope": "lte",
"trust": 0.8,
"vendor": "bosch rexroth",
"version": "3.0.2"
},
{
"model": "bosch bladecontrol",
"scope": "lte",
"trust": 0.6,
"vendor": "rexroth",
"version": "\u003c=3.0.2"
},
{
"model": "bladecontrol-webvis",
"scope": "eq",
"trust": 0.6,
"vendor": "rexroth",
"version": "3.0.2"
},
{
"model": "bosch bladecontrol-webvis",
"scope": "eq",
"trust": 0.3,
"vendor": "rexroth",
"version": "3.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bladecontrol webvis",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
},
{
"db": "CNVD",
"id": "CNVD-2016-04594"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"db": "NVD",
"id": "CVE-2016-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bosch:bladecontrol-webvis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4507"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "91572"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
],
"trust": 0.9
},
"cve": "CVE-2016-4507",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4507",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04594",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4507",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4507",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-04594",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-024",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
},
{
"db": "CNVD",
"id": "CNVD-2016-04594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"db": "NVD",
"id": "CVE-2016-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rexroth Bosch BLADEcontrol is a web-based HMI system. Rexroth Bosch BLADEcontrol-WebVIS is prone to SQL-injection and cross-site scripting vulnerabilities. \nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nRexroth Bosch BLADEcontrol-WebVIS version 3.0.2 and earlier are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4507"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"db": "CNVD",
"id": "CNVD-2016-04594"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4507",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-187-01",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2016-04594",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-024",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003493",
"trust": 0.8
},
{
"db": "BID",
"id": "91572",
"trust": 0.3
},
{
"db": "IVD",
"id": "B66FED74-E827-4D0E-92FD-D480E595C9F6",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
},
{
"db": "CNVD",
"id": "CNVD-2016-04594"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"db": "NVD",
"id": "CVE-2016-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
]
},
"id": "VAR-201607-0380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
},
{
"db": "CNVD",
"id": "CNVD-2016-04594"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
},
{
"db": "CNVD",
"id": "CNVD-2016-04594"
}
]
},
"last_update_date": "2023-12-18T12:44:51.019000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.boschrexroth.com/"
},
{
"title": "Rexroth Bosch BLADEcontrol-WebVIS SQL Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/78679"
},
{
"title": "Remediation measures for the Rexroth Bosch BLADEcontrol SQL injection vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=62617"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"db": "NVD",
"id": "CVE-2016-4507"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-187-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4507"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4507"
},
{
"trust": 0.3,
"url": "https://www.boschrexroth.com/en/xc/home/index"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04594"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"db": "NVD",
"id": "CVE-2016-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
},
{
"db": "CNVD",
"id": "CNVD-2016-04594"
},
{
"db": "BID",
"id": "91572"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"db": "NVD",
"id": "CVE-2016-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-07T00:00:00",
"db": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
},
{
"date": "2016-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04594"
},
{
"date": "2016-07-05T00:00:00",
"db": "BID",
"id": "91572"
},
{
"date": "2016-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"date": "2016-07-06T14:59:02.503000",
"db": "NVD",
"id": "CVE-2016-4507"
},
{
"date": "2016-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04594"
},
{
"date": "2016-07-05T00:00:00",
"db": "BID",
"id": "91572"
},
{
"date": "2016-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003493"
},
{
"date": "2022-10-06T18:59:24.897000",
"db": "NVD",
"id": "CVE-2016-4507"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Bosch Rexroth BLADEcontrol-WebVIS",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003493"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-024"
}
],
"trust": 0.8
}
}