Denial of Service in PLC Runtime affecting Rexroth IndraMotion Products

Published

2020-12-16 00:00:00 UTC

Summary

BOSCH-SA-152060: The control systems IndraMotion MTX, MLC and MLD sold by Bosch Rexroth contain technology from CODESYS GmbH. The manufacturer published security bulletins [1], [2] about weaknesses in the communication interface of the PLC runtime. By exploiting these vulnerabilities, the control device can be put into a state in which network queries are no longer answered. To restore the device to a proper state, it must be restarted. These vulnerabilities affect all available software versions of Rexroth IndraMotion MTX, MLC and MLD.