März 2024
Titel
Command Injection in Bosch Network Synchronizer
Veröffentlicht
20. März 2024 01:00
Text

BOSCH-SA-152190-BT: A Command Injection vulnerability has been uncovered in the diagnostics interface of the Bosch Network Synchronizer. This vulnerability allows unauthorized users full access to the device.

Titel
BVMS affected by Autodesk Design Review Multiple Vulnerabilities
Veröffentlicht
13. März 2024 01:00
Text

BOSCH-SA-246962-BT: BVMS was using Autodesk Design Review for showing 2D/3D files. Autodesk has published multiple vulnerabilities which when successfully exploited could lead to the execution of arbitrary code.Starting from BVMS version 11.0, the Autodesk Design Review is not used anymore in BVMS, but the BVMS setup does not uninstall the ...

Titel
RPS and RPS-LITE operator and communication process vulnerabilities.
Veröffentlicht
13. März 2024 01:00
Text

BOSCH-SA-099637-BT: Security vulnerabilities related to password use, management and communication processes in RPS and RPS-LITE introduce potential for a malicious user to compromise the software. Bosch recommends to update to the latest version as soon as possible.

Titel
Git for Windows Multiple Security Vulnerabilities in Bosch DIVAR IP all-in-one Devices
Veröffentlicht
6. März 2024 01:00
Text

BOSCH-SA-637386-BT: DIVAR IP System Manager is a central user interface that provides an easy system setup, configuration and application software upgrades through an easily accessible web-based application.\Multiple Git for Windows vulnerabilities have been discovered in DIVAR IP System Manager versions prior to 2.3.0, affecting several Bosch DIVAR IP all-in-one models.

Titel
Multiple OpenSSL vulnerabilities in BVMS
Veröffentlicht
6. März 2024 01:00
Text

BOSCH-SA-090577-BT: BVMS is using a Device Adapter service for communication with Tattile cameras which is also active when no Tattile cameras are added in the BVMS installation. This service uses an OpenSSL library, which has multiple vulnerabilities as published by OpenSSL. When successfully exploited, these vulnerabilities could lead to command ...

Januar 2024
Titel
Open Port 8899 in BCC Thermostat Product
Veröffentlicht
9. Januar 2024 01:00
Text

BOSCH-SA-473852: A network port 8899 is always open in BCC101/BCC102/BCC50 thermostat products, which allows an un-authencated connection from a local WiFi network.

Titel
Multiple vulnerabilities in Nexo cordless nutrunner
Veröffentlicht
8. Januar 2024 01:00
Text

BOSCH-SA-711465: The Nexo cordless nutrunner running NEXO-OS V1500-SP2 has some vulnerabilities which allows an attacker: - to read/upload/download/delete arbitrary files in all paths of the system, - to inject and execute arbitrary client-side script code, arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim's session, - to ...

Dezember 2023
Titel
Command injection vulnerability in Bosch IP Cameras
Veröffentlicht
13. Dezember 2023 01:00
Text

BOSCH-SA-638184-BT: A vulnerability was discovered in Bosch IP cameras of families CPP13 and CPP14, that allows an authenticated user with administrative rights to execute arbitrary commands in the operating system of the camera.

Titel
Denial of Service vulnerability in Bosch BT software products
Veröffentlicht
13. Dezember 2023 01:00
Text

BOSCH-SA-092656-BT: An security vulnerability discovered in Bosch internal tests allows an unauthenticated attacker to interrupt normal functions and cause a Denial of Service / DoS.Bosch rates this vulnerability with a CVSSv3.1 base scores of 7.5 (High) for products using the vulnerable function as a server and 5.9 (medium) for products ...

November 2023
Titel
Multiple vulnerabilities on ctrlX HMI / WR21
Veröffentlicht
21. November 2023 01:00
Text

BOSCH-SA-175607: The operating system of the ctrlX HMI/ WR21 before build date 20231107 has some vulnerabilities when the kiosk mode is used in conjunction with Google Chrome. Therefore, it is possible in worst case that an attacker with physical access to the device can get root access without normal authentication ...

Oktober 2023
Titel
Multiple vulnerabilities on ctrlX HMI Web Panel - WR21
Veröffentlicht
25. Oktober 2023 02:00
Text

BOSCH-SA-175607: The operating system of the ctrlX WR21 HMI has several vulnerabilities when the Kiosk mode is used in conjunction with Google Chrome. In worst case, an attacker with physical access to the device might gain full root access without prior authentication by combining the exploitation of those vulnerabilities.Furthermore, the ...

Titel
Vulnerability in SICK Flexi Soft Gateway
Veröffentlicht
24. Oktober 2023 02:00
Text

BOSCH-SA-164691: The SLC-0-GPNT00300 from Bosch Rexroth contains technology from SICK AG. The manufacturer has published a security bulletin \[1\] regarding an authentication bypass by capture-replay. Exploiting the vulnerability would allow an unauthenticated attacker to login to the gateways by sending specially crafted packets and potentially impact the availability, integrity and ...

Titel
Multiple vulnerabilities in ctrlX WR21 HMI
Veröffentlicht
20. Oktober 2023 02:00
Text

BOSCH-SA-175607: The operating system of the ctrlX WR21 HMI has several vulnerabilities when the Kiosk mode is used in conjunction with Google Chrome. In worst case, an attacker with physical access to the device might gain full root access without prior authentication by combining the exploitation of those vulnerabilities.

August 2023
Titel
Remote Code Execution in RTS VLink Virtual Matrix
Veröffentlicht
30. August 2023 02:00
Text

BOSCH-SA-893251-BT: A security vulnerability has been uncovered in the admin interface of the RTS VLink Virtual Matrix Software. The vulnerability will allow a Remote Code Execution (RCE) attack.Versions v5 (\< 5.7.6) and v6 (\< 6.5.0) of the RTS VLink Virtual Matrix Software are affected by this vulnerability. Older versions are ...

Juli 2023
Titel
Vulnerability in the interface module SLC-0-GPNT00300
Veröffentlicht
4. Juli 2023 02:00
Text

BOSCH-SA-894143: The SLC-0-GPNT00300 from Bosch Rexroth contains technology from SICK AG. The manufacturer has published a security bulletin \[1\] regarding the missing authentication for a critical function. Exploiting the vulnerability would allow an unauthenticated attacker to change the IP address of the device and affect the availability of the module.

Titel
Security Advisory for the FL MGUARD family of devices
Veröffentlicht
4. Juli 2023 02:00
Text

BOSCH-SA-833074: The FL MGUARD family devices sold by Bosch Rexroth are devices from Phoenix Contact that have been introduced as trade goods. A security advisory has been published by the manufacturer, which indicates that the devices are affected by two vulnerabilities regarding RSA decryption and MAC filtering. \[1\] Parts No. ...

Juni 2023
Titel
Update in Cybersecurity Guidebook of BIS on Permission Settings for Network Share
Veröffentlicht
29. Juni 2023 02:00
Text

BOSCH-SA-988400-BT: In a recent survey of BIS installations worldwide Bosch identified that for some installations the security settings may not meet our recommended security standards. For this reason, we have updated our \"Cybersecurity Guidebook\".Section 4.5 of the Cybersecurity Guidebook describes how to configure access permissions for a shared folder of ...

Titel
Information Disclosure Vulnerability in Bosch IP cameras
Veröffentlicht
28. Juni 2023 02:00
Text

BOSCH-SA-839739-BT: An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information about the device itself (like capabilities) and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.This vulnerability was discovered by Souvik Kandar ...

Mai 2023
Titel
Possible damage of secure element in Bosch IP cameras
Veröffentlicht
31. Mai 2023 02:00
Text

BOSCH-SA-435698-BT: Due to an error in the software interface to the secure element chip on the cameras, the chip can be **permanently damaged** leading to an unusable camera when enabling the Stream security option (signing of the video stream) on Bosch CPP13 and CPP14 cameras. The default setting for this ...

Titel
Vulnerability in Wiegand card data interpretation
Veröffentlicht
24. Mai 2023 02:00
Text

BOSCH-SA-391095-BT: Bosch Access Control products AMC2-4WCF and AMC2-2WCF have a firmware bug which may lead to misinterpretation of access card data that is sent from a Wiegand reader. This may in turn lead to granting physical access to an unauthorized person. This vulnerability affects only products with Wiegand interface, i.e., ...

Titel
Unrestricted SSH port forwarding in BVMS
Veröffentlicht
24. Mai 2023 02:00
Text

BOSCH-SA-025794-BT: The Bosch Video Management System is using SSH server that does not restrict a port forwarding requested by an authenticated SSH client. An authenticated SSH client can request a connection which is forwarded by the BVMS SSH server to a resource within the trusted internal network, which is normally ...

Titel
.NET Remote Code Execution Vulnerability in BVMS, BIS and AMS
Veröffentlicht
24. Mai 2023 02:00
Text

BOSCH-SA-110112-BT: The Bosch Video Management System (BVMS), the Bosch Access Management System (AMS), and the Bosch Building Integration System (BIS) are using a vulnerable version of the Microsoft .NET package System.Text.Encodings.Web. The System.Text.Encodings.Web is a NuGet package from Microsoft, and Microsoft has published an advisory to provide information about a ...

April 2023
Titel
Use of Telnet in the interface module SLC-0-GPNT00300
Veröffentlicht
28. April 2023 02:00
Text

BOSCH-SA-387640: The SLC-0-GPNT00300 from Bosch Rexroth contains technology from SICK AG. The manufacturer has published a security bulletin \[1\] regarding the availability of a Telnet interface for debugging.The SLC-0-GPNT00300 provides a Telnet interface for debugging, which is enabled by factory default.\No password is set in the default configuration.\If the password ...

Titel
Insecure authentication in B420 legacy communication module
Veröffentlicht
26. April 2023 02:00
Text

BOSCH-SA-341298-BT: An authentication vulnerability was found in the B420 Ethernet communication module from Bosch Security Systems. This is a legacy product which is currently obsolete and was announced to reach End on Life (EoL) on 2013. The B420 was last sold in July 2013 and was replaced by the B426. ...

Dezember 2022
Titel
Multiple Vulnerabilities in NetApp DSA E2800 series
Veröffentlicht
7. Dezember 2022 01:00
Text

BOSCH-SA-609377-BT: The Bosch DSA E2800 products are based on NetApp technology, which incorporates a Linux Kernel and other components such as the Oracle Java Platform Standard Edition (Java SE), OpenSSL, SANtricity OS Controller Software, E-Series SANtricity OS Controller Software, Docker, Eclipse Jetty, GNU C Library (aka glibc), Libnss, Zlib. These ...

Letzte Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
09.04.2024
US CERT
26.02.2024
US CERT (ICS)
16.04.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds