Specifically, the identified security holes were found in Bosch Rexroth’s NXA015S-36V-B nutrunner, a cordless handheld tool used for critical tightening operations in vehicles. This nutrunner includes a display for real-time data and has wireless connectivity via embedded Wi-Fi, allowing data transmission to a historian server and remote reprogramming.
Nozomi researchers uncovered over two dozen vulnerabilities, primarily in the management application of the NEXO-OS operating system. Some issues were linked to communication protocols used for SCADA, PLC, and other system integrations.
These vulnerabilities could allow unauthorized individuals to take full control of the nutrunner. Nozomi’s lab tests demonstrated scenarios where attackers could launch ransomware attacks, rendering the device inoperable and displaying ransom messages on its screen. Such attacks could be automated across a company’s nutrunners, causing significant production disruptions.
Moreover, simulated attacks showed how manipulating tightening program settings, like torque values, could lead to safety risks or the manufacturing of defective products, resulting in financial or reputational damage for the company.
Nozomi emphasized the critical role of proper torque in mechanical fastenings, particularly in ensuring operational performance and safety in devices like electrical switchboards. Loose connections due to tampering could lead to increased operating temperatures and potential fire hazards.
The impact of overtightening connections was also highlighted, as it could cause mechanical failures, leading to warranty claims and damage to a company’s reputation.
A total of 25 CVE identifiers were assigned to these vulnerabilities, with 11 classified as having ‘high severity.’
Bosch Rexroth was alerted to these vulnerabilities and, according to Nozomi, plans to release patches by the end of January 2024. Rexroth emphasized its commitment to security and stated that it is actively working on solving the issue.
To prevent malicious exploitation, Nozomi hasn’t disclosed technical details publicly.