The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication.
This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device.
References
| Link | Resource |
|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: bosch
Published: 2023-10-25T14:18:08.811Z
Updated: 2023-10-25T14:18:08.811Z
Reserved: 2023-10-18T09:35:22.524Z
Link: CVE-2023-45851
NVD Information
Status: Analyzed
Published: 2023-10-25T18:17:35.427
Modified: 2023-11-06T14:33:29.510
Link: CVE-2023-45851
Redhat Information
No data.
CWE