BOSCH-SA-175607: The operating system of the ctrlX HMI/ WR21 before build date 20231107 has some vulnerabilities when the kiosk mode is used in conjunction with Google Chrome. Therefore, it is possible in worst case that an attacker with physical access to the device can get root access without normal authentication borders.Additionally, the \"Android Agent\" application which is an onboard application of ctrlX HMI/ WR21 before build date 20231107 contains some weaknesses regarding the execution of arbitrary commands on the device. All weaknesses were eliminated in the newest firmware version which can be updated on the existing devices.


https://psirt.bosch.com/security-advisories/bosch-sa-175607.html