Ctrlx Os Device Admin

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:bosch_rexroth_ag:ctrlx_os_-_device_admin:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorBosch Rexroth Ag (1dedc962-7ef7-51a0-a857-e2a074563874)
ProductCtrlx Os Device Admin (eeb4efac-090f-5aab-8a2e-5cd76c57e936)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-27532 vulnerable 2026-06-08 07:14:55.275769 Details available
MEDIUM (6.5)
A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.
Published: 2025-04-30T11:49:02.687Z
Updated: 2025-04-30T14:08:31.240Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24351 vulnerable 2026-06-08 07:12:48.504599 Details available
HIGH (8.8)
A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.
Published: 2025-04-30T11:47:00.441Z
Updated: 2026-02-26T18:27:53.157Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24350 vulnerable 2026-06-08 07:12:48.504387 Details available
HIGH (7.1)
A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request.
Published: 2025-04-30T11:45:52.088Z
Updated: 2025-04-30T14:23:43.476Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24349 vulnerable 2026-06-08 07:12:48.504171 Details available
HIGH (7.1)
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request.
Published: 2025-04-30T11:44:33.547Z
Updated: 2025-04-30T14:30:33.942Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24348 vulnerable 2026-06-08 07:12:48.503949 Details available
MEDIUM (5.4)
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.
Published: 2025-04-30T11:42:54.314Z
Updated: 2025-04-30T14:34:17.218Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24347 vulnerable 2026-06-08 07:12:48.503650 Details available
MEDIUM (6.5)
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.
Published: 2025-04-30T11:41:39.707Z
Updated: 2025-04-30T14:35:23.354Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24346 vulnerable 2026-06-08 07:12:48.503274 Details available
HIGH (7.5)
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.
Published: 2025-04-30T11:39:42.899Z
Updated: 2026-02-26T18:27:53.666Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24345 vulnerable 2026-06-08 07:12:48.503029 Details available
MEDIUM (6.3)
A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request.
Published: 2025-04-30T11:35:44.628Z
Updated: 2025-04-30T14:44:15.824Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24342 vulnerable 2026-06-08 07:12:48.502048 Details available
MEDIUM (5.3)
A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.
Published: 2025-04-30T11:25:35.615Z
Updated: 2025-04-30T15:08:39.394Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24341 vulnerable 2026-06-08 07:12:48.501822 Details available
MEDIUM (6.5)
A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device.
Published: 2025-04-30T11:14:47.046Z
Updated: 2025-04-30T15:11:57.073Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24340 vulnerable 2026-06-08 07:12:48.501556 Details available
MEDIUM (6.5)
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.
Published: 2025-04-30T10:59:06.633Z
Updated: 2025-04-30T15:44:38.122Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-24339 vulnerable 2026-06-08 07:12:48.501119 Details available
MEDIUM (5)
A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request.
Published: 2025-04-30T10:54:56.607Z
Updated: 2025-04-30T15:46:30.151Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.