FORUM CTRLX AUTOMATION
ctrlX World Partner Apps for ctrlX AUTOMATION
04-05-2022 01:44 PM
Hi!
there is no mentioning of this security hole in the security advisories: https://thenewstack.io/oh-snap-security-holes-found-in-linux-packaging-system/
Does this mean that ctrlX CORE is not effected?
https://www.boschrexroth.com/en/dc/product-security/security-advisories/
Thanks
J
Solved! Go to Solution.
04-08-2022 07:47 AM
Hi J,
we have internally analyzed the vulnerabilities when we were first notified about it a while back.
To exploit the vulnerabilities, a local user account on the device with shell access is required. This is by default not the case on the ctrlX CORE. You have to request a system-user to be able to log in via e.g. SSH first - and then you already have root permissions, which makes the exploitation obsolete.
So - no, we are not affected and therefore no advisory was published.