September 2022
Title
Information Disclosure in VIDEOJET Decoder and Operator Client application in BVMS
Published
21 September 2022 02:00
Text

BOSCH-SA-464066-BT: BVMS Operator Client application or the VIDEOJET Decoder VJD-7513 may receive an *unencrypted* live-stream from a camera, which allows a man-in-the-middle attacker to compromise the confidential video streams. This happens only in combination with cameras of platform CPP13 or CPP14.x when an encrypted UDP connection is configured. Please be aware that ...

August 2022
Title
SafeLogic Designer vulnerabilities
Published
11 August 2022 02:00
Text

BOSCH-SA-463993: The SafeLogic Designer from Bosch Rexroth contains technology from SICK AG. The manufacturer has published a security bulletin regarding a vulnerability in the .NET framework. [1] A vulnerability in a .NET framework class used by SafeLogic Designer allows an attacker to craft malicious project files. Opening/importing such a malicious project ...

Title
Multiple Vulnerabilities in BF-OS
Published
1 August 2022 02:00
Text

BOSCH-SA-013924-BT: Multiple vulnerabilities were identified in BF-OS version 3.x up to and including 3.83 used by Bigfish V3 and PR21 (Energy Platform) devices and Bigfish VM image, which are part of the data collection infrastructure of the Energy Platform solution. The most critical vulnerability may allow an unauthenticated remote attacker to ...

June 2022
Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
Published
22 June 2022 02:00
Text

BOSCH-SA-247052-BT: Multiple vulnerabilities were found in the PRA-ES8P2S Ethernet-Switch including an Improper Input Validation, an Improper Privilege Management and an Execution with Unnecessary Privileges vulnerability. These vulnerabilities can give root access and/or administrator privilege to the switch from the network. Customers are advised to upgrade to version 1.01.07 that solves vulnerabilities CVE-2022-32534, ...

May 2022
Title
Vulnerabilities in the communication protocol of the PLC runtime
Published
2 May 2022 02:00
Text

BOSCH-SA-577411: The PLC application of the control systems ctrlX CORE, IndraLogic, IndraMotion MTX, IndraMotion MLC and IndraMotion MLD contains PLC technology from CODESYS GmbH. The manufacturer CODESYS GmbH published multiple security bulletins [1], [2], [3], [4], [5]. By exploiting the vulnerabilities in the protocol for the communication between the PLC ...

April 2022
Title
Improper Control of Generation of Code in Bosch MATRIX
Published
27 April 2022 02:00
Text

BOSCH-SA-309239-BT: The access control and time attendance management software Bosch MATRIX uses a version of the Java Spring Framework that is vulnerable to "spring4shell" (CVE-2022-22965). Bosch MATRIX does NOT use a configuration that is currently known to be exploitable using this vulnerability, but as the developers of Spring point out, ...

Title
Vulnerability in routers FL MGUARD and TC MGUARD
Published
27 April 2022 02:00
Text

BOSCH-SA-982696: The FL MGUARD and TC MGUARD safety devices sold by Bosch Rexroth are devices from Phoenix Contact that have been introduced as trade goods. A security advisory has been published by the manufacturer, which indicates that devices are affected by a possible infinite loop within an OpenSSL library method ...

Title
Multiple ctrlX CORE vulnerabilities
Published
20 April 2022 02:00
Text

BOSCH-SA-029150: The base operating system app core20, which is part of ctrlX CORE XCR (base system apps), includes vulnerable versions of expat, libc and OpenSSL. Furthermore, multiple ctrlX CORE apps use at least one of the libraries shipped with core20. An attacker might be able to escalate privileges, gain system ...

March 2022
Title
Buffer Overflow Vulnerability in Recovery Image
Published
30 March 2022 02:00
Text

BOSCH-SA-446276-BT: A recently discovered security vulnerability allows an attacker to cause a buffer overflow in the recovery image, crashing the application and opening the possibility for code execution. The recovery image can only be booted using a command requiring administrative access or requiring physical access to the device. Bosch rates this vulnerability ...

Title
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Published
23 March 2022 01:00
Text

BOSCH-SA-479793-BT: A vulnerability has been discovered affecting the Bosch Fire Monitoring System (FSM-2500, FSM-5000, FSM-10k and obsolete FSM-10000). The issue applies to FSM server with version 5.6.630 and lower, and FSM client with version 5.6.2131 and lower. Bosch recommends customers to update vulnerable components with the provided patch. The vulnerability ...

Title
Improper Restriction of XML External Entity Reference in BVMS
Published
16 March 2022 01:00
Text

BOSCH-SA-506619-BT: When BVMS is installed in an installation folder where low-privileged users have write access, BVMS is affected by a security vulnerability, which potentially allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. Bosch rates the vulnerability with a CVSS v3.1 Base Score of 5.7 (Medium) when the ...

January 2022
Title
Injection of arbitrary HTML code in Bosch Video Security Android App
Published
26 January 2022 01:00
Text

BOSCH-SA-844050-BT: A vulnerability was recently discovered in the Android Application Bosch Video Security that allows an attacker to inject arbitrary HTML code into a WebView object. This vulnerability could for example allow the loading of malicious forms that could lead to the theft of the user's private information. This vulnerability was ...

Title
Multiple vulnerabilities in Bosch AMC2 (Access Modular Controller)
Published
19 January 2022 01:00
Text

BOSCH-SA-940448-BT: The Bosch AMC2 (Access Modular Controller) is a door access controller. It takes access control decisions for a group of up to eight access points. These access points may consist of doors, gates, barriers, turnstiles, revolving doors, man-traps, ID card readers, door opening elements and sensors. The device ...

December 2021
Title
Log4j Vulnerabilities - Impact on PRAESENSA Advanced Public Address Server (PRA-APAS)
Published
22 December 2021 01:00
Text

BOSCH-SA-993110-BT: The 1.0.31 software version of the PRAESENSA Advanced Public Address Server (PRA-APAS) contains version 2.10.0 of the Apache Log4j logging service. Recently Apache has warned that this Log4j version contains multiple vulnerabilities, including the Log4Shell vulnerability (CVE-2021-44228). This Log4Shell vulnerability allows remote code execution by sending a specifically crafted log ...

Title
Apache Log4j Vulnerabilities - Impact on Bosch Rexroth Products
Published
21 December 2021 01:00
Text

BOSCH-SA-572602: The Apache Software Foundation has published information about a vulnerability in the Java logging framework *log4j*, which allows an attacker to execute arbitrary code loaded from LDAP or JNDI related endpoints which are under control of the attacker. [1] Additionally, a further vulnerability might allow an attacker to cause a ...

Title
Multiple Vulnerabilities in Bosch BT software products
Published
8 December 2021 01:00
Text

BOSCH-SA-043434-BT: A recently discovered security vulnerability allows an unauthenticated attacker to cause an application to crash (Denial of Service / DoS) and, for the VRM, opens the possibility to send unauthenticated commands for a short time (this vulnerability is rated critical). The VRM, DIVAR IP and BVMS with VRM are also ...

October 2021
Title
Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series
Published
4 October 2021 02:00
Text

BOSCH-SA-741752: The control systems series Rexroth IndraMotion MLC and IndraLogic XLC are affected by multiple vulnerabilities in the web server, which – in combination – ultimately enable an attacker to log in to the system. - Information disclosure: The main configuration, including users and their hashed passwords, is exposed by ...

August 2021
Title
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Published
4 August 2021 02:00
Text

BOSCH-SA-033305-BT: The possibility to conduct a CSRF (Cross Site Request Forgery) attack was discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates this vulnerability with CVSSv3.1 base scores of 7.5 (High), where the actual rating depends on the final rating specific to ...

July 2021
Title
Vulnerabilities in CODESYS V2 runtime systems
Published
20 July 2021 02:00
Text

BOSCH-SA-670099: The compact systems CS351E and CS351S and the communication module KE350G with integrated PLC contain technology from CODESYS GmbH. The manufacturer CODESYS GmbH published security bulletins [1][2] about a weakness in the protocol for the communication between the PLC runtime and clients. By exploiting these vulnerabilities, attackers can send ...

June 2021
Title
Multiple vulnerabilities in Bosch IP cameras
Published
9 June 2021 02:00
Text

BOSCH-SA-478243-BT: Multiple vulnerabilities for Bosch IP cameras have been discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates these vulnerabilities with CVSSv3.1 base scores from 9.8 (Critical) to 4.9 (Medium), where the actual rating depends on the individual vulnerability and the final ...

May 2021
Title
Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M
Published
28 May 2021 02:00
Text

BOSCH-SA-196933-BT: A security vulnerability affects the Bosch B426, B426-CN/B429-CN, and B426-M. The vulnerability is exploitable via the network interface. Bosch rates this vulnerability at 8.0 (High) and recommends customers to update vulnerable components with fixed software versions. A second vulnerable condition was found when using http protocol, in which the ...

Title
Vulnerability in the routing protocol of the PLC runtime
Published
19 May 2021 02:00
Text

BOSCH-SA-350374: The control systems IndraMotion MTX, MLC and MLD and the ctrlX CORE PLC application contain PLC technology from Codesys GmbH. The manufacturer Codesys GmbH published a security bulletin [1] about a weakness in the routing protocol for the communication between the PLC runtime and clients. By exploiting the vulnerability, ...

April 2021
Title
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
Published
30 April 2021 02:00
Text

BOSCH-SA-428397: On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.

Title
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities
Published
30 April 2021 02:00
Text

BOSCH-SA-017743: Multiple vulnerabilities affecting OpenSSL versions prior to 1.1.1k and Python 0 through 3.9.1 have been reported. Affected versions are included in the ctrlX CORE - IDE App. In order to successfully exploit these vulnerabilities, an attacker requires access to the network or system. Two vulnerabilities (CVE-2021-3177 and CVE-2021-27619) are ...

Title
ctrlX Multiple Vulnerabilities
Published
23 April 2021 02:00
Text

Multiple vulnerabilities in operating system libraries and the Linux kernel have been reported which in a worst case scenario could allow an attacker to compromise the system by provoking a crash or the execution of malicious code. The affected functions are not used directly by any Rexroth software component and ...
