Nozomi researchers have identified over two dozen vulnerabilities in Bosch Rexroth’s NXA015S-36V-B nutrunner, a crucial pneumatic torque wrench used in safety-critical operations. The flaws, predominantly in the NEXO-OS operating system, could allow unauthenticated attackers to take control, leading to potential ransomware attacks and automation threats across a company’s nutrunners.
Recent investigations by Nozomi researchers have exposed alarming vulnerabilities in Bosch Rexroth’s NXA015S-36V-B product, a cordless, handheld pneumatic torque wrench crucial for safety-critical tightening operations.
Key Findings
- The NXA015S-36V-B features a built-in display for real-time data and connects wirelessly via an embedded Wi-Fi module, facilitating remote reprogramming.
- Over two dozen vulnerabilities were uncovered, mainly in the NEXO-OS operating system’s management application, with some affecting communication protocols tied to SCADA, PLC, and other systems.
- Exploiting these vulnerabilities could grant unauthenticated attackers complete control, potentially leading to ransomware attacks and automation threats across a company’s nutrunners.
Security Implications
Simulated attacks revealed severe consequences, including ransomware rendering devices inoperable and manipulation of tightening program configurations, posing safety risks and financial damage.
Nozomi emphasized the critical role of torque precision in applications like electrical switchboards, where loose connections could lead to fires, and overtightening might result in mechanical failures, warranty claims, and reputational harm.
Vulnerability Details
- A total of 25 CVE identifiers, with 11 rated as ‘high severity.’
- Unauthenticated attackers sending network packets can achieve remote code execution with root privileges.
- Authentication requirements can be bypassed by exploiting chained vulnerabilities, including hardcoded credentials.
Vulnerabilities extend beyond the NXA015S-36V-B model, affecting other Rexroth Nexo nutrunners, including NXA, NXP, and NXV series devices.
Bosch Rexroth has been alerted and plans to patch the flaws by the end of January 2024. The company assures a commitment to security and prompt countermeasures against potential threats.
“Security is a top priority at Bosch Rexroth. Our experts continuously monitor any threats and take immediate countermeasures if necessary…”
“Nozomi Networks informed us some weeks ago that they have found that there is a vulnerability… This patch will be released at the end of January 2024.”
Preventing Exploitation
Nozomi Networks has refrained from disclosing technical information publicly to prevent malicious exploitation of the vulnerabilities.
