PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-48989 Bosch Rexroth AG CVE debrief

A vulnerability in the PROFINET stack implementation of Bosch Rexroth IndraDrive allows remote attackers to cause denial-of-service by sending arbitrary UDP messages, rendering affected devices unresponsive. The vulnerability affects IndraDrive firmware versions prior to FWA-INDRV-MP-20V36. Bosch Rexroth has released a fixed version and recommends updating as soon as possible. For environments where patching is not feasible, compensatory measures such as network segmentation should be implemented per the vendor's Security Manual.

Vendor
Bosch Rexroth AG
Product
IndraDrive FWA-INDRV*-MP*
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-11-07
Original CVE updated
2024-11-07
Advisory published
2024-11-07
Advisory updated
2024-11-07

Who should care

Organizations operating Bosch Rexroth IndraDrive servo drives in industrial automation environments, particularly those with PROFINET network connectivity. Critical infrastructure operators, manufacturing facilities, and industrial control system administrators should prioritize assessment and patching.

Technical summary

The vulnerability exists in the PROFINET stack implementation of Bosch Rexroth IndraDrive servo drives. An unauthenticated remote attacker can cause a denial-of-service condition by sending arbitrary UDP messages to the device, rendering the drive unresponsive. The attack requires no privileges or user interaction and can be executed over the network with low complexity. Because the trigger is arbitrary UDP traffic rather than a specific crafted packet, there is no payload signature to match on; who is allowed to send UDP to the drive at all is the useful control. Affected versions are firmware 17VRS through versions prior to 20V36. The fixed version FWA-INDRV-MP-20V36 addresses this vulnerability.

Defensive priority

high

Recommended defensive actions

  • Update IndraDrive firmware to FWA-INDRV-MP-20V36 or later to remediate this vulnerability
  • If immediate patching is not feasible, implement network segmentation to isolate affected IndraDrive devices from untrusted networks, and restrict UDP to the drives to the IO-controller (PLC) and engineering stations that legitimately talk PROFINET to them
  • Apply compensatory controls per Bosch Rexroth's Security Manual Electric Drives and Controls
  • Monitor for UDP traffic reaching the drives from hosts outside that allowlist. PROFINET context management (connection establishment) runs as DCE/RPC over UDP port 34964 with further exchanges on dynamic ports; cyclic real-time and DCP traffic is raw Ethernet (EtherType 0x8892) and will not appear in UDP flow records, so flow-based monitoring covers the attack surface of this CVE but not the PROFINET link as a whole
  • Contact Bosch PSIRT at [email protected] for additional technical guidance or vulnerability information
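The segmentation and monitoring actions above amount to one allowlist check: only the IO-controller and engineering hosts should ever send UDP to a drive. The following is an added example for this debrief, not code from Bosch Rexroth, CISA or PatchSiren. It runs that check over constructed, simplified Zeek conn.log-style flow records; the drive subnet, the PLC and engineering-station addresses, and the flow lines themselves are assumptions for illustration. It goes slightly beyond the bullet list: because the CVE is triggered by arbitrary UDP, every UDP flow to a drive from a non-allowlisted host is flagged, with PROFINET's context-management port 34964 and the dynamic RPC range rated higher than other UDP ports.

```python
"""Flag UDP flows to IndraDrive hosts that originate outside the allowed
PROFINET peers.  Added example; not vendor, CISA or PatchSiren code.

Assumptions (hypothetical): drives live in 10.20.30.0/24, the only hosts that
should send them UDP are the PLC 10.20.30.1 and the engineering station
10.20.31.10, and the input is a simplified Zeek conn.log-style TSV with the
first seven standard fields.
"""
import ipaddress
from collections import Counter

DRIVE_SUBNET = ipaddress.ip_network("10.20.30.0/24")          # assumed
ALLOWED_UDP_PEERS = {                                          # assumed
    ipaddress.ip_address("10.20.30.1"),    # IO-controller / PLC
    ipaddress.ip_address("10.20.31.10"),   # engineering workstation
}
# PROFINET context management is DCE/RPC over UDP 34964; later exchanges
# commonly land in the dynamic port range.  Cyclic RT and DCP are raw
# Ethernet (EtherType 0x8892) and never show up as UDP flows.
PROFINET_CM_PORTS = {34964}
PROFINET_DYNAMIC = range(49152, 65536)

FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto")


def parse_conn_line(line):
    """Parse one TSV flow record; return None for comments or malformed lines."""
    if not line or line.startswith("#"):
        return None
    parts = line.rstrip("\n").split("\t")
    if len(parts) < len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["orig_h"] = ipaddress.ip_address(rec["orig_h"])
        rec["resp_h"] = ipaddress.ip_address(rec["resp_h"])
        rec["orig_p"] = int(rec["orig_p"])
        rec["resp_p"] = int(rec["resp_p"])
    except ValueError:
        return None
    return rec


def severity_for_port(port):
    """PROFINET-related UDP ports rate high; any other UDP to a drive medium."""
    if port in PROFINET_CM_PORTS or port in PROFINET_DYNAMIC:
        return "high"
    return "medium"


def find_suspicious(lines):
    """Return alerts for UDP flows to the drive subnet from non-allowlisted hosts."""
    alerts = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None or rec["proto"] != "udp":
            continue
        if rec["resp_h"] not in DRIVE_SUBNET:
            continue
        if rec["orig_h"] in ALLOWED_UDP_PEERS:
            continue
        alerts.append({
            "ts": rec["ts"],
            "uid": rec["uid"],
            "src": str(rec["orig_h"]),
            "drive": str(rec["resp_h"]),
            "port": rec["resp_p"],
            "severity": severity_for_port(rec["resp_p"]),
        })
    return alerts


def sources_by_count(alerts):
    """Count alerts per source address (a flood shows up as one loud source)."""
    return Counter(a["src"] for a in alerts)


def flood_sources(alerts, threshold):
    """Sources with at least `threshold` flagged flows in the analysed window."""
    return sorted(src for src, n in sources_by_count(alerts).items() if n >= threshold)


# Constructed sample records (not real traffic).
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1730966400.10\tC1\t10.20.30.1\t49153\t10.20.30.50\t34964\tudp",     # PLC, allowed
    "1730966400.20\tC2\t10.20.31.10\t51000\t10.20.30.50\t34964\tudp",    # engineering, allowed
    "1730966401.00\tC3\t192.168.50.77\t40001\t10.20.30.50\t34964\tudp",  # outsider, CM port
    "1730966401.05\tC4\t192.168.50.77\t40002\t10.20.30.50\t50123\tudp",  # outsider, dynamic
    "1730966401.10\tC5\t192.168.50.77\t40003\t10.20.30.50\t161\tudp",    # outsider, other UDP
    "1730966402.00\tC6\t192.168.50.77\t40004\t10.20.30.50\t80\ttcp",     # TCP, out of scope
    "1730966402.50\tC7\t10.20.31.99\t60000\t10.20.31.10\t34964\tudp",    # not a drive
    "1730966403.00\tC8\t10.20.31.99\t60001\t10.20.30.51\t34964\tudp",    # internal but not allowed
    "bad line",                                                          # malformed, skipped
]

if __name__ == "__main__":
    found = find_suspicious(SAMPLE_CONN_LOG)
    for a in found:
        print(f"{a['ts']} {a['severity']:6} {a['src']} -> {a['drive']}:{a['port']} ({a['uid']})")
    print("flood candidates:", flood_sources(found, threshold=3))
```

Feed it real conn.log lines with the same leading fields and tune the threshold to the polling interval of your flow source; the point of the allowlist design is that it needs no knowledge of the malformed payload, which is exactly what this CVE withholds.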

Evidence notes

Vulnerability disclosed via CISA ICS advisory ICSA-24-312-03. Affects PROFINET stack implementation in IndraDrive firmware versions 17VRS through versions prior to 20V36. CVSS 3.1 score of 7.5 (HIGH) reflects network attack vector with low complexity, no privileges required, and high availability impact.

Official resources

2024-11-07