{"cve":{"cve_id":"CVE-2023-45851","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00447,"epss_percentile":0.35539,"epss_as_of":"2026-06-23","description":"The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. \r\n\r\n\r\nThis issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device","published_at":"2023-10-25T14:18:08.811000Z","last_modified_at":null,"cvss_v3_score":8.8,"cvss_v3_vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-306"],"nvd_references":["https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:38:55.890154Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"bosch-rexroth-ag","vendor_name":"Bosch Rexroth AG","product_slug":"ctrlx-hmi-web-panel-wr21-wr2107","product_name":"ctrlX HMI Web Panel - WR21 (WR2107)","version_start":"all","version_start_inclusive":true,"version_end":"all","version_end_inclusive":true,"cpe23_uri":"cve5:bosch-rexroth-ag:ctrlx-hmi-web-panel-wr21-wr2107:all:all"},{"vendor_slug":"bosch-rexroth-ag","vendor_name":"Bosch Rexroth AG","product_slug":"ctrlx-hmi-web-panel-wr21-wr2110","product_name":"ctrlX HMI Web Panel - WR21 (WR2110)","version_start":"all","version_start_inclusive":true,"version_end":"all","version_end_inclusive":true,"cpe23_uri":"cve5:bosch-rexroth-ag:ctrlx-hmi-web-panel-wr21-wr2110:all:all"},{"vendor_slug":"bosch-rexroth-ag","vendor_name":"Bosch Rexroth AG","product_slug":"ctrlx-hmi-web-panel-wr21-wr2115","product_name":"ctrlX HMI Web Panel - WR21 (WR2115)","version_start":"all","version_start_inclusive":true,"version_end":"all","version_end_inclusive":true,"cpe23_uri":"cve5:bosch-rexroth-ag:ctrlx-hmi-web-panel-wr21-wr2115:all:all"}],"exploit_refs":[],"news":[],"references":[{"url":"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2023-10-25T14:18:08.811000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:30:22.759310Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:30:22.759310Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:30:22.759310Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:38:55.890154Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:38:55.890154Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:38:55.890154Z","label":"SSVC decision revised","source":"vulnrichment"}]}