Improper Check or Handling of Exceptional Conditions

CVE-2021-23859

High

9.1/10

Summary

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-703 - Improper Check or Handling of Exceptional Conditions

The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

References

Advisory Timeline

Published Dec 08, 2021

Improper Check or Handling of Exceptional Conditions

CVE-2021-23859

Summary

CWE-703 - Improper Check or Handling of Exceptional Conditions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS