October 2021
Title
Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series
Published
4 October 2021 02:00
Text

BOSCH-SA-741752: The control systems series Rexroth IndraMotion MLC and IndraLogic XLC are affected by multiple vulnerabilities in the web server, which – in combination – ultimately enable an attacker to log in to the system. - Information disclosure: The main configuration, including users and their hashed passwords, is exposed by ...

August 2021
Title
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Published
4 August 2021 02:00
Text

BOSCH-SA-033305-BT: The possibility to conduct a CSRF (Cross Site Request Forgery) attack was discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates this vulnerability with CVSSv3.1 base scores of 7.5 (High), where the actual rating depends on the final rating specific to ...

July 2021
Title
Vulnerabilities in CODESYS V2 runtime systems
Published
20 July 2021 02:00
Text

BOSCH-SA-670099: The compact systems CS351E and CS351S and the communication module KE350G with integrated PLC contain technology from CODESYS GmbH. The manufacturer CODESYS GmbH published security bulletins [1][2] about a weakness in the protocol for the communication between the PLC runtime and clients. By exploiting these vulnerabilities, attackers can send ...

June 2021
Title
Multiple vulnerabilities in Bosch IP cameras
Published
9 June 2021 02:00
Text

BOSCH-SA-478243-BT: Multiple vulnerabilities for Bosch IP cameras have been discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates these vulnerabilities with CVSSv3.1 base scores from 9.8 (Critical) to 4.9 (Medium), where the actual rating depends on the individual vulnerability and the final ...

May 2021
Title
Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M
Published
28 May 2021 02:00
Text

BOSCH-SA-196933-BT: A security vulnerability affects the Bosch B426, B426-CN/B429-CN, and B426-M. The vulnerability is exploitable via the network interface. Bosch rates this vulnerability at 8.0 (High) and recommends customers to update vulnerable components with fixed software versions. A second vulnerable condition was found when using http protocol, in which the ...

Title
Vulnerability in the routing protocol of the PLC runtime
Published
19 May 2021 02:00
Text

BOSCH-SA-350374: The control systems IndraMotion MTX, MLC and MLD and the ctrlX CORE PLC application contain PLC technology from Codesys GmbH. The manufacturer Codesys GmbH published a security bulletin [1] about a weakness in the routing protocol for the communication between the PLC runtime and clients. By exploiting the vulnerability, ...

April 2021
Title
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities
Published
30 April 2021 02:00
Text

BOSCH-SA-017743: Multiple vulnerabilities affecting OpenSSL Versions previous to 1.1.1k and Python 0 through 3.9.1, have been reported. Affected versions are included in the ctrlX CORE - IDE App. In order to successfully exploit these vulnerabilities, an attacker requires access to the network or system. Two vulnerabilities (CVE-2021-3177 and CVE-2021-27619) are ...

Title
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
Published
30 April 2021 02:00
Text

BOSCH-SA-428397: On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.

Title
ctrlX Multiple Vulnerabilities
Published
23 April 2021 02:00
Text

Multiple vulnerabilities in operating system libraries and the Linux kernel have been reported which in a worst case scenario could allow an attacker to compromise the system by provoking a crash or the execution of malicious code. The affected functions are not used directly by any Rexroth software component and ...

March 2021
Title
Denial of Service in Rexroth ActiveMover using Profinet protocol
Published
31 March 2021 02:00
Text

BOSCH-SA-637429: The ActiveMover with Profinet communication module (Rexroth no. 3842 559 445) sold by Bosch Rexroth contains communication technology from Hilscher (PROFINET IO Device V3) in which a vulnerability with high severity has been discovered. A Denial of Service vulnerability may lead to unexpected loss of cyclic communication or interruption ...

Title
Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol
Published
31 March 2021 02:00
Text

BOSCH-SA-282922: The ActiveMover with the EtherNet/IP communication module (Rexroth no. 3842 559 444) sold by Bosch Rexroth contains communication technology from Hilscher (EtherNet/IP Core V2) in which a vulnerability with high severity has been discovered. A denial of service and memory corruption vulnerability could allow arbitrary code to be injected ...

Title
Uncontrolled Search Path Element in Multiple Bosch Products
Published
24 March 2021 01:00
Text

BOSCH-SA-835563-BT: Multiple Bosch software applications are affected by a security vulnerability, which potentially allows an attacker to load additional code in the form of DLLs (commonly known as "DLL Hijacking" or "DLL Preloading"). This code is executed during the start of the vulnerable application and in the context of the ...

Title
Side Channel Key Extraction Vulnerability in Bosch IP Cameras and Encoders
Published
2 March 2021 01:00
Text

BOSCH-SA-762869-BT: A recently discovered side channel attack for the NXP P5x security microcontrollers was made public. It allows attackers to extract an ECDSA private key after extensive physical access to the chip. The P5x is used as secure certificate storage on Bosch cameras and encoders built on platforms CPP-ENC CPP3 ...

February 2021
Title
Privilege Escalation via sudo and Linux kernel in Bosch Rexroth Products
Published
24 February 2021 01:00
Text

BOSCH-SA-372917: Linux kernel versions through 5.10.11 contain weaknesses which allow local users to execute code in the kernel with the potential to escalate privileges [1][2]. In versions of sudo before 1.9.5p2 there is a weakness present which allows privilege escalation to root for local users [3]. The ctrlX CORE and ...

January 2021
Title
Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol
Published
27 January 2021 01:00
Text

BOSCH-SA-775371: The ID 200/C-ETH (Rexroth No. 3842 410 060) sold by Bosch Rexroth contains communication technology (499ES EtherNet/IP) from Real Time Automation (RTA) in which a critical vulnerability has been discovered. By exploiting the vulnerability an attacker can send a specially crafted packet that may result in a denial-of-service condition ...

Title
Two Vulnerabilities in Bosch Fire Monitoring System (FSM)
Published
21 January 2021 01:00
Text

BOSCH-SA-332072-BT: Two vulnerabilities have been discovered affecting the Bosch Fire Monitoring System (FSM-2500 and FSM-5000). The critical issue applies to FSM systems with versions 5.2 and lower. Bosch rates these vulnerabilities with a CVSS v3.1 Base Score of 4.4 and 10.0 (medium and critical) and strongly recommends customers to update ...

December 2020
Title
ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971
Published
18 December 2020 01:00
Text

BOSCH-SA-274557: The OpenSSL Software Foundation has published information [1] for OpenSSL versions prior to 1.1.1i (1.1.1 – 1.1.1h) and 1.0.2x (1.0.2 – 1.0.2w) regarding a weakness in the `GENERAL_NAME_cmp` function. The vulnerability could allow an attacker to provoke a null pointer dereference, potentially leading to a denial of service. Multiple ...

Title
Denial of Service in PLC Runtime affecting Rexroth IndraMotion Products
Published
16 December 2020 01:00
Text

BOSCH-SA-152060: The control systems IndraMotion MTX, MLC and MLD sold by Bosch Rexroth contain technology from CODESYS GmbH. The manufacturer published security bulletins [1], [2] about weaknesses in the communication interface of the PLC runtime. By exploiting these vulnerabilities, the control device can be put into a state in which ...

Title
Multiple Vulnerabilities in 3S CODESYS Runtime in Rexroth PRC7000
Published
16 December 2020 01:00
Text

BOSCH-SA-387388: The PRC7000 welding timer sold by Bosch Rexroth AG contains a CODESYS Soft-PLC Runtime from 3S. The manufacturer published security reports [1] about several weaknesses. By exploiting those weaknesses, an attacker can cause denial-of-service conditions or acquire user credentials. The vulnerabilities affect all firmware versions up to 1.11.3, and ...

October 2020
Title
Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs
Published
13 October 2020 02:00
Text

BOSCH-SA-856281: Microsoft has published information [1] for several versions of Microsoft Windows XP, Microsoft Windows XP embedded, Microsoft Windows 7 and Microsoft Windows 7 Embedded Standard regarding a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system ...

September 2020
Title
Vulnerabilities in Bosch PRAESIDEO and PRAESENSA
Published
28 September 2020 02:00
Text

BOSCH-SA-538331-BT: Two security vulnerabilities have been uncovered in the web based management interface of the PRAESIDEO Network Controller and the PRAESENSA System Controller. The vulnerabilities will allow a Cross-Site Request Forgery (CSRF) attack and a Cross-site Scripting (XSS) attack. For PRAESIDEO a third vulnerability will allow a replay attack with ...

Title
WIBU Systems CodeMeter Runtime Vulnerabilities in Rexroth Products
Published
25 September 2020 02:00
Text

BOSCH-SA-231483: A set of 6 vulnerabilities affect multiple versions of the WIBU Systems CodeMeter Runtime Software. This software is used by multiple Rexroth Products and Bosch Rexroth customers for license management. In order to successfully exploit these vulnerabilities an attacker requires access to the network or system. One vulnerability (CVE-2020-14509) ...

August 2020
Title
Improper Certificate Validation in Bosch Smart Home System App for iOS
Published
24 August 2020 02:00
Text

BOSCH-SA-347336: A recently discovered security vulnerability affects the Bosch Smart Home System App for iOS. Both Bosch Smart Home Camera Apps as well as the Bosch Smart Home System App for Android are not affected. It potentially allows video contents to be intercepted by performing a man-in-the-middle attack. Since only connections ...

May 2020
Title
Multiple Vulnerabilities in Bosch Recording Station (BRS)
Published
27 May 2020 02:00
Text

BOSCH-SA-363824-BT: Several issues have been discovered affecting the Bosch Recording Station (BRS). The critical issues apply to BRS systems which are connected to an open network. Bosch strongly recommends to operate the BRS system in a closed network and prevent unauthorized direct access to the BRS server. The product was ...

March 2020
Title
Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK
Published
16 March 2020 01:00
Text

BOSCH-SA-645125: The S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin [1] about a weakness in the web-based administration interface for managing the device properties. By exploiting the vulnerability the device can be put into a state in which network queries ...
