Bosch Rexroth IndraDrive

CVSS 7.5 | ICS-CERT ICSA-24-312-03 | Nov 7, 2024
Bosch Rexroth
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Bosch Rexroth IndraDrive FWA-INDRV-MP versions prior to 20V36 contain a vulnerability that allows an attacker to send arbitrary UDP messages to the device, causing it to become unresponsive (denial of service). The vulnerability has a CVSS score of 7.5, requires no authentication, and is remotely exploitable over the network.

What this means
What could happen
An attacker could render your drive controller unresponsive by sending specially crafted UDP packets, halting motor control and process operations until the device is restarted.
Who's at risk
Organizations operating Bosch Rexroth IndraDrive FWA-INDRV-MP motor controllers in manufacturing, process automation, or motion control applications should assess their exposure. This includes facilities running pumps, conveyors, machine tool axes, or any process dependent on electric drive control.
How it could be exploited
An attacker with network access to the IndraDrive device sends malicious UDP packets directly to the drive. The device processes these packets unsafely and crashes or becomes unresponsive, disrupting any motor or process control dependent on that drive.
Prerequisites
  • Network access to UDP ports on the IndraDrive device
  • No authentication required
  • Device running firmware version earlier than 20V36
Tags: remotely exploitable, no authentication required, low complexity, affects process availability
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
Product | Affected Versions | Fix Status
Bosch Rexroth AG IndraDrive FWA-INDRV-MP | 17VRS <20V36 | 20V36+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to IndraDrive devices using firewall rules; block incoming UDP traffic from untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update IndraDrive FWA-INDRV-MP firmware to version 20V36 or later
Long-term hardening
HARDENING: Segment the drive control network from the business network and the internet
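As an added example (not code from the advisory, ICS-CERT or Bosch Rexroth), the following Python script shows how a defender might operationalize the affected-version range and the firewall/segmentation guidance above. It parses the FWA-INDRV-MP version strings the advisory uses (17VRS, 20V36) to flag drives still running firmware below 20V36, and scans constructed flow-log lines for UDP traffic reaching those drives from outside a trusted control subnet. The trusted subnet, the drive inventory, the flow-log line format and the port numbers are assumptions made for the example; the advisory names no specific UDP port, which is why the check treats any inbound UDP to a drive from an untrusted source as a finding.

```python
import ipaddress
import re
from dataclasses import dataclass

# Fixed firmware per ICSA-24-312-03: 20V36 and later are not affected.
FIXED_VERSION = (20, 36)

# Hypothetical trusted control subnet (assumption); take this from your own network documentation.
TRUSTED_CONTROL_SUBNET = ipaddress.ip_network("10.20.30.0/24")

# Matches '20V36' (major 20, minor 36) and '17VRS' (a whole release series).
_VERSION_RE = re.compile(r"^(\d+)V(?:RS|(\d+))$", re.IGNORECASE)


def parse_fw_version(version: str) -> tuple:
    """Parse an FWA-INDRV-MP version string into a comparable (major, minor) tuple.
    A 'VRS' series string has no minor number; it is treated as minor 0 so that
    it sorts below every numbered release of that series (assumption about the scheme)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    major = int(m.group(1))
    minor = int(m.group(2)) if m.group(2) is not None else 0
    return (major, minor)


def is_affected(version: str) -> bool:
    """True when the firmware is earlier than the fixed version."""
    return parse_fw_version(version) < FIXED_VERSION


@dataclass
class Drive:
    name: str
    ip: str
    firmware: str


def triage_inventory(drives):
    """Return the names of drives whose firmware is below the fixed version."""
    return [d.name for d in drives if is_affected(d.firmware)]


def flag_untrusted_udp(flows, drives, trusted=TRUSTED_CONTROL_SUBNET):
    """Flag UDP flows to drive addresses whose source is outside the trusted control subnet.
    Each flow line has the constructed form 'PROTO SRC_IP DST_IP DST_PORT'."""
    drive_ips = {d.ip for d in drives}
    findings = []
    for line in flows:
        proto, src, dst, dport = line.split()
        if proto.upper() != "UDP" or dst not in drive_ips:
            continue
        if ipaddress.ip_address(src) not in trusted:
            findings.append((src, dst, int(dport)))
    return findings


# Constructed asset inventory (names, addresses and versions are made up for the example).
INVENTORY = [
    Drive("press-axis-1", "10.20.30.11", "17VRS"),
    Drive("conveyor-2", "10.20.30.12", "20V34"),
    Drive("pump-3", "10.20.30.13", "20V36"),
    Drive("spindle-4", "10.20.30.14", "20V40"),
]

# Constructed flow-log lines; the port number is arbitrary, the advisory names none.
FLOW_LOG = [
    "UDP 10.20.30.5 10.20.30.11 40000",    # engineering station inside the control subnet: allowed
    "UDP 192.168.1.77 10.20.30.12 40000",  # business-network host reaching a drive: finding
    "TCP 192.168.1.77 10.20.30.12 80",     # not UDP: ignored by this check
    "UDP 203.0.113.9 10.20.30.14 40000",   # external address reaching a drive: finding
    "UDP 203.0.113.9 10.20.30.99 40000",   # destination is not a known drive: ignored
]

if __name__ == "__main__":
    print("Drives below 20V36:", triage_inventory(INVENTORY))
    for src, dst, port in flag_untrusted_udp(FLOW_LOG, INVENTORY):
        print(f"untrusted UDP {src} -> {dst}:{port}")
```

The version triage answers "which drives still need the 20V36 hotfix"; the flow check is a way to verify that the firewall workaround and the segmentation hardening actually hold, by confirming that no UDP reaches a drive from anywhere but the control subnet. Note that a drive at exactly 20V36 is reported as fixed, matching the advisory's "prior to 20V36" wording.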