Patch Now or Pay Later: Urgent Update Needed for Bosch Rexroth Nutrunners After 23 Vulnerabilities Exposed

Researchers at Nozomi Networks have identified 23 vulnerabilities in the widely used Bosch Rexroth Nutrunner NXA015S-36V-B. These high-precision tools are employed in factories and plants globally for fastening in the manufacturing and maintenance of various equipment.

Experts state that these vulnerabilities allow remote access to the devices and the execution of arbitrary code. Two attack scenarios demonstrated by the researchers clearly show that the consequences could be quite severe:

1. Installing ransomware on all nutrunners in a workshop, seizing control, and displaying a ransom demand on the screen. Such a widespread attack could halt the entire production cycle for an extended period, incurring multimillion-dollar losses, especially for large corporations.
2. Covertly altering the fastening settings while maintaining normal readings on the nutrunner’s display. This could secretly loosen or overtighten fastenings, leading, at best, to premature equipment failure, and at worst, to far more serious consequences. Imagine if hackers decided to lower the torque for fastening parts of a passenger airplane. This could potentially lead to a catastrophic aviation disaster.

A PoC ransomware running on the test nutrunner

Many of the discovered vulnerabilities can be exploited for attacks without authentication, directly from the enterprise’s network. Others allow malicious actors, who have already gained limited access to the tool management systems, to elevate their privileges for full-scale attacks from an external network.

Bosch Rexroth has confirmed receiving information about the vulnerabilities from researchers and has promised to release a corrective patch by the end of January 2024.

Experts recommend that enterprises using these vulnerable devices install this patch immediately after its release to mitigate the risks of attacks on workshop equipment.

Although the likelihood of widespread exploitation of these vulnerabilities is low, there is a risk of targeted attacks by hacktivists or state-sponsored groups.