A new report released today by industrial cybersecurity firm Nozomi Networks Inc. details previously unknown vulnerabilities in a pneumatic torque wrench used in automotive product lines that could be used to cause production line stoppages and potentially large-scale financial losses to asset owners.

The vulnerabilities reside in the Bosch Rexroth NXA015S-36V-B smart nutrunner, a popular pneumatic torque wrench. Pneumatic torque wrenches on vehicle production lines are used to apply a specific, precise torque to fasteners, ensuring the correct assembly and safety of the vehicles. Torque is a measure of the rotational force applied to an object, typically used to ensure that fasteners such as nuts and bolts are tightened to the correct degree.

In critical applications, the final torque levels applied to mechanical fastenings are calculated and engineered to ensure that the overall design and operational performance of the device is met. Getting that wrong can result in a loose connection that would result in higher operating temperatures and could, over time, cause a fire.

The Bosch Rexroth device uses an operating system called NEXO-OS and this is the vulnerabilities primarily lie. The vulnerabilities allow an unauthenticated attacker to send network packets to the target device to obtain remote execution of arbitrary code with root privileges, ultimately compromising it. Once this unauthorized access is gained, numerous attack scenarios become possible.

The two scenarios start with the ability to deploy ransomware to make the device completely inoperable by preventing a local operator from controlling the drill through the onboard display and turning off the trigger button. The display on the device can also be altered to show a message on the screen requesting the payment of a ransom.

The second scenario, the more dangerous one, could allow an attacker to stealthily alter the configuration of tightening programs, such as by increasing or decreasing the target torque value. By hacking the graphical user interface on the onboard display, an attacker could also show a normal value to the operator, who would remain completely unaware of the change.

The Nozomi Networks researchers note that depending on a manufacturer’s use and business configuration, devices such as the nutrunner may form a critical part of an enterprise’s quality management and assurance program, possibly even the last line of quality assurance. Compromise of the integrity in this final link in the quality chain may be difficult to detect and have far-reaching financial consequences resulting from compromised production quality over time.

Bosch Rexroth AG is set to deliver official patches by the end of January 2024. In the meantime, the researchers advise users to use mitigation methods to protect against cyberattacks. These include restricting the network reachability of the device as much as possible, reviewing all accounts with login access, and being cautious when opening untrusted links or visiting external websites with a browsing session to the management web application in progress.

Photo: Land Rover MENA/Wikimedia Commons