Vulnerabilities found in Bosch Rexroth nutrunners used in the automotive industry could be exploited by hackers seeking direct financial gain or threat actors looking to cause disruption or reputational damage to the targeted organization, according to OT cybersecurity firm Nozomi Networks.
Nozomi researchers found security holes in Bosch Rexroth's NXA015S-36V-B product, a cordless, handheld pneumatic torque wrench designed for safety-critical tightening operations.
The machine has a built-in display providing real-time data to the operator and it can also connect to a wireless network through an embedded Wi-Fi module, enabling it to transmit data to a historian server and allowing users to remotely reprogram it.
Nozomi researchers discovered over two dozen vulnerabilities, a majority in the management application of the NEXO-OS operating system, and some related to the communication protocols designed for integration with SCADA, PLC and other systems.
Exploiting the vulnerabilities could allow unauthenticated attackers to take complete control of a nutrunner.
Lab tests conducted by the cybersecurity firm demonstrated how an attacker could launch a ransomware attack that involves making the device inoperable and displaying a ransom message on its built-in screen.
To make matters worse, such an attack can be automated to hack all of a company's nutrunners, causing significant disruption in the production line.
In another attack scenario simulated by the company in its lab, the attacker changes tightening program configurations, specifically the torque value.
This can cause the bolt to loosen, which can result in safety risks, or the manufacturing of a defective product, which can result in financial or reputational damage.
On the other hand, an overtightened connection places excess stress on the bolt and nut, which can cause a mechanical failure, potentially resulting in excessive warranty claims and reputational damage to the business, Nozomi explained.
A total of 25 CVE identifiers have been assigned to the flaws, including 11 that have a 'high severity' rating.
An unauthenticated attacker who is able to send network packets to the targeted device can achieve remote code execution with root privileges, completely compromising the system.
While the exploitation of some flaws requires authentication, this requirement can be met by chaining them with other vulnerabilities, such as hardcoded credentials.
While the vulnerabilities were found in the NXA015S-36V-B product, other Rexroth Nexo nutrunners are impacted as well, including several NXA, NXP and NXV series devices.
Bosch Rexroth has been informed about the vulnerabilities and Nozomi said the company plans on patching the flaws by the end of January 2024.
The cybersecurity firm has not made public any technical information in an effort to prevent malicious exploitation.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 09 Jan 2024 14:13:31 +0000