SecurityWeek

Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines

Hackers can take complete control of Bosch Rexroth nutrunners, installing ransomware or altering settings to cause financial impact and brand damage.

Vulnerabilities found in Bosch Rexroth nutrunners used in the automotive industry could be exploited by hackers seeking direct financial gain or threat actors looking to cause disruption or reputational damage to the targeted organization, according to OT cybersecurity firm Nozomi Networks.

Nozomi researchers found security holes in Bosch Rexroth’s NXA015S-36V-B product, a cordless, handheld pneumatic torque wrench (also known as a nutrunner) designed for safety-critical tightening operations.

The machine has a built-in display providing real-time data to the operator and it can also connect to a wireless network through an embedded Wi-Fi module, enabling it to transmit data to a historian server and allowing users to remotely reprogram it. 

Nozomi researchers discovered over two dozen vulnerabilities, a majority in the management application of the NEXO-OS operating system, and some related to the communication protocols designed for integration with SCADA, PLC and other systems. 

Exploiting the vulnerabilities could allow unauthenticated attackers to take complete control of a nutrunner. Lab tests conducted by the cybersecurity firm demonstrated how an attacker could launch a ransomware attack that involves making the device inoperable and displaying a ransom message on its built-in screen. To make matters worse, such an attack can be automated to hack all of a company’s nutrunners, causing significant disruption in the production line. 

In another attack scenario simulated by the company in its lab, the attacker changes tightening program configurations, specifically the torque value. This can cause the bolt to loosen, which can result in safety risks, or the manufacturing of a defective product, which can result in financial or reputational damage. 

“In critical applications, the final torque levels applied to mechanical fastenings are calculated and engineered to ensure that the overall design and operational performance of the device is met,” Nozomi explained. “As an example, bolts, nuts and fixtures used in electrical switchboards must be torqued appropriately to ensure that connections between current carrying components, such as high voltage busbars, maintain a low resistance. A loose connection would result in higher operating temperatures and could, over time, cause a fire.”

On the other hand, an overtightened connection places excess stress on the bolt and nut, which can cause a mechanical failure, potentially resulting in excessive warranty claims and reputational damage to the business, Nozomi explained.

“Depending on a manufacturer’s use and business configuration, devices such as the nutrunner may form a critical part of the quality management and assurance program in an enterprise, possibly even the last line of quality assurance. Compromise of the integrity in this final link in the quality chain may be difficult to detect, and have far reaching financial consequences resulting from compromised production quality over time,” the company added.

A total of 25 CVE identifiers have been assigned to the flaws, including 11 that have a ‘high severity’ rating. 

An unauthenticated attacker who is able to send network packets to the targeted device can achieve remote code execution with root privileges, completely compromising the system. While the exploitation of some flaws requires authentication, this requirement can be met by chaining them with other vulnerabilities, such as hardcoded credentials.

While the vulnerabilities were found in the NXA015S-36V-B product, other Rexroth Nexo nutrunners are impacted as well, including several NXA, NXP and NXV series devices.

Bosch Rexroth has been informed about the vulnerabilities and Nozomi said the company plans on patching the flaws by the end of January 2024. The vendor has released its own security advisory.

“Security is a top priority at Bosch Rexroth. Our experts continuously monitor any threats and take immediate countermeasures, if necessary, for example through updates offered by the manufacturers. With this approach, we can guarantee a high standard of security at Bosch Rexroth,” Bosch Rexroth told SecurityWeek in an emailed statement. 

It added, “Nozomi Networks informed us some weeks ago that they have found that there is a vulnerability associated with the Bosch Rexroth NXA015S-36V-B, a smart nutrunner/pneumatic torque wrench. Bosch Rexroth immediately took up this advice and is working on a patch to solve the problem. This patch will be released at the end of January 2024.”

The cybersecurity firm has not made public any technical information in an effort to prevent malicious exploitation. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
