CVE-2023-48261 is a medium-severity SQL Injection vulnerability (CWE-89) found in the Rexroth Nexo cordless nutrunner model NXA015S-36V (0608842001), specifically affecting the NEXO-OS V1000-Release firmware. This vulnerability allows a remote, unauthenticated attacker to send specially crafted HTTP requests to the device, which improperly neutralizes special elements in SQL commands. As a result, the attacker can read arbitrary content from the device's results database. The vulnerability does not require any authentication or user interaction, and the attack vector is network-based (remote). The CVSS v3.1 base score is 5.3, reflecting a medium severity level, with impact limited to confidentiality (read access to data) and no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The issue arises from insufficient input validation and sanitization of HTTP request parameters that are used directly in SQL queries, enabling injection of malicious SQL code to extract sensitive data stored within the device's database. This could expose operational data or sensitive configuration details stored on the nutrunner device.

For European organizations using Rexroth Nexo cordless nutrunners, particularly in manufacturing or industrial automation environments, this vulnerability poses a risk of unauthorized disclosure of sensitive operational data. While the vulnerability does not allow modification or disruption of device functions, the leakage of database contents could reveal production parameters, process results, or other proprietary information. This could lead to industrial espionage, loss of competitive advantage, or compliance issues related to data protection regulations such as GDPR if personal or sensitive data is involved. The remote and unauthenticated nature of the exploit increases the risk, especially if these devices are accessible from less secure network segments or exposed to the internet. However, the lack of known exploits and the medium severity rating suggest that the immediate risk is moderate but should not be ignored, especially in critical manufacturing environments where Rexroth devices are deployed.

Organizations should immediately assess their deployment of Rexroth Nexo cordless nutrunners to identify affected devices running NEXO-OS V1000-Release. Network segmentation should be enforced to isolate these devices from untrusted networks and limit access to trusted personnel and systems only. Monitoring HTTP traffic to these devices for unusual or malformed requests can help detect attempted exploitation. Since no patches are currently available, contacting Rexroth for official firmware updates or mitigation guidance is critical. As a temporary measure, implementing web application firewalls (WAFs) or intrusion prevention systems (IPS) with custom rules to block suspicious SQL injection patterns targeting the device's HTTP interface can reduce risk. Additionally, reviewing and hardening device configuration to disable unnecessary network services or interfaces can minimize exposure. Finally, organizations should incorporate this vulnerability into their vulnerability management and incident response processes to ensure timely detection and remediation once patches are released.