April 2021
Title
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
Published
30 April 2021 02:00
Text

BOSCH-SA-428397: On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.

Title
ctrlX Multiple Vulnerabilities
Published
23 April 2021 02:00
Text

Multiple vulnerabilities in operating system libraries and the Linux kernel have been reported which in a worst case scenario could allow an attacker to compromise the system by provoking a crash or the execution of malicious code. The affected functions are not used directly by any Rexroth software component and ...

March 2021
Title
Denial of Service in Rexroth ActiveMover using Profinet protocol
Published
31 March 2021 02:00
Text

BOSCH-SA-637429: The ActiveMover with Profinet communication module (Rexroth no. 3842 559 445) sold by Bosch Rexroth contains communication technology from Hilscher (PROFINET IO Device V3) in which a vulnerability with high severity has been discovered. A Denial of Service vulnerability may lead to unexpected loss of cyclic communication or interruption ...

Title
Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol
Published
31 March 2021 02:00
Text

BOSCH-SA-282922: The ActiveMover with the EtherNet/IP communication module (Rexroth no. 3842 559 444) sold by Bosch Rexroth contains communication technology from Hilscher (EtherNet/IP Core V2) in which a vulnerability with high severity has been discovered. A denial of service and memory corruption vulnerability could allow arbitrary code to be injected ...

Title
Uncontrolled Search Path Element in Multiple Bosch Products
Published
24 March 2021 01:00
Text

BOSCH-SA-835563-BT: Multiple Bosch software applications are affected by a security vulnerability, which potentially allows an attacker to load additional code in the form of DLLs (commonly known as "DLL Hijacking" or "DLL Preloading"). This code is executed during the start of the vulnerable application and in the context of the ...

Title
Side Channel Key Extraction Vulnerability in Bosch IP Cameras and Encoders
Published
2 March 2021 01:00
Text

BOSCH-SA-762869-BT: A recently discovered side channel attack for the NXP P5x security microcontrollers was made public. It allows attackers to extract an ECDSA private key after extensive physical access to the chip. The P5x is used as secure certificate storage on Bosch cameras and encoders built on platforms CPP-ENC CPP3 ...

February 2021
Title
Privilege Escalation via sudo and Linux kernel in Bosch Rexroth Products
Published
24 February 2021 01:00
Text

BOSCH-SA-372917: Linux kernel versions through 5.10.11 contain weaknesses which allow local users to execute code in the kernel with the potential to escalate privileges [1][2]. In versions of sudo before 1.9.5p2 there is a weakness present which allows privilege escalation to root for local users [3]. The ctrlX CORE and ...

January 2021
Title
Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol
Published
27 January 2021 01:00
Text

BOSCH-SA-775371: The ID 200/C-ETH (Rexroth No. 3842 410 060) sold by Bosch Rexroth contains communication technology (499ES EtherNet/IP) from Real Time Automation (RTA) in which a critical vulnerability has been discovered. By exploiting the vulnerability an attacker can send a specially crafted packet that may result in a denial-of-service condition ...

Title
Two Vulnerabilities in Bosch Fire Monitoring System (FSM)
Published
21 January 2021 01:00
Text

BOSCH-SA-332072-BT: Two vulnerabilities have been discovered affecting the Bosch Fire Monitoring System (FSM-2500 and FSM-5000). The critical issue applies to FSM systems with versions 5.2 and lower. Bosch rates these vulnerabilities with a CVSS v3.1 Base Score of 4.4 and 10.0 (medium and critical) and strongly recommends customers to update ...

December 2020
Title
ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971
Published
18 December 2020 01:00
Text

BOSCH-SA-274557: The OpenSSL Software Foundation has published information [1] for OpenSSL versions prior to 1.1.1i (1.1.1 – 1.1.1h) and 1.0.2x (1.0.2 – 1.0.2w) regarding a weakness in the `GENERAL_NAME_cmp` function. The vulnerability could allow an attacker to provoke a null pointer dereference, potentially leading to a denial of service. Multiple ...

Title
Denial of Service in PLC Runtime affecting Rexroth IndraMotion Products
Published
16 December 2020 01:00
Text

BOSCH-SA-152060: The control systems IndraMotion MTX, MLC and MLD sold by Bosch Rexroth contain technology from CODESYS GmbH. The manufacturer published security bulletins [1], [2] about weaknesses in the communication interface of the PLC runtime. By exploiting these vulnerabilities, the control device can be put into a state in which ...

Title
Multiple Vulnerabilities in 3S CODESYS Runtime in Rexroth PRC7000
Published
16 December 2020 01:00
Text

BOSCH-SA-387388: The PRC7000 welding timer sold by Bosch Rexroth AG contains a CODESYS Soft-PLC Runtime from 3S. The manufacturer published security reports [1] about several weaknesses. By exploiting those weaknesses, an attacker can cause denial-of-service conditions or acquire user credentials. The vulnerabilities affect all firmware versions up to 1.11.3, and ...

October 2020
Title
Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs
Published
13 October 2020 02:00
Text

BOSCH-SA-856281: Microsoft has published information [1] for several versions of Microsoft Windows XP, Microsoft Windows XP embedded, Microsoft Windows 7 and Microsoft Windows 7 Embedded Standard regarding a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system ...

September 2020
Title
Vulnerabilities in Bosch PRAESIDEO and PRAESENSA
Published
28 September 2020 02:00
Text

BOSCH-SA-538331-BT: Two security vulnerabilities have been uncovered in the web based management interface of the PRAESIDEO Network Controller and the PRAESENSA System Controller. The vulnerabilities will allow a Cross-Site Request Forgery (CSRF) attack and a Cross-site Scripting (XSS) attack. For PRAESIDEO a third vulnerability will allow a replay attack with ...

Title
WIBU Systems CodeMeter Runtime Vulnerabilities in Rexroth Products
Published
25 September 2020 02:00
Text

BOSCH-SA-231483: A set of 6 vulnerabilities affect multiple versions of the WIBU Systems CodeMeter Runtime Software. This software is used by multiple Rexroth Products and Bosch Rexroth customers for license management. In order to successfully exploit these vulnerabilities an attacker requires access to the network or system. One vulnerability (CVE-2020-14509) ...

August 2020
Title
Improper Certificate Validation in Bosch Smart Home System App for iOS
Published
24 August 2020 02:00
Text

BOSCH-SA-347336: A recently discovered security vulnerability affects the Bosch Smart Home System App for iOS. Both Bosch Smart Home Camera Apps as well as the Bosch Smart Home System App for Android are not affected. It potentially allows an attacker to intercept video content by performing a man-in-the-middle attack. Since only connections ...

May 2020
Title
Multiple Vulnerabilities in Bosch Recording Station (BRS)
Published
27 May 2020 02:00
Text

BOSCH-SA-363824-BT: Several issues have been discovered affecting the Bosch Recording Station (BRS). The critical issues apply to BRS systems which are connected to an open network. Bosch strongly recommends operating the BRS system in a closed network and preventing unauthorized direct access to the BRS server. The product was ...

March 2020
Title
Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK
Published
16 March 2020 01:00
Text

BOSCH-SA-645125: The S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin [1] about a weakness in the web-based administration interface for managing the device properties. By exploiting the vulnerability the device can be put into a state in which network queries ...

January 2020
Title
Missing Authentication for Critical Function in Bosch Video Streaming Gateway
Published
29 January 2020 01:00
Text

BOSCH-SA-260625-BT: A recently discovered security vulnerability affects the Bosch Video Streaming Gateway (VSG). The vulnerability is exploitable via the network interface. An unauthorized attacker can retrieve and set arbitrary configuration data of the VSG. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 10.0 (Critical) and strongly recommends ...

Title
Deserialization of Untrusted Data in Bosch BVMS Mobile Video Service
Published
29 January 2020 01:00
Text

BOSCH-SA-885551-BT: A recently discovered security vulnerability affects the BVMS Mobile Video Service (BVMS MVS). The vulnerability is exploitable via the network interface. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 10.0 (Critical) and recommends customers to update the vulnerable components with fixed software versions. The vulnerability was ...

Title
Path Traversal in Bosch Video Management System
Published
29 January 2020 01:00
Text

BOSCH-SA-381489-BT: A path traversal vulnerability exists in the BVMS. An authenticated BVMS user can successfully request and fetch arbitrary files from the Central Server machine using the FileTransferService. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 7.7 (High) and strongly recommends customers to update vulnerable components with ...

Title
Path Traversal in Bosch Video Management System NoTouch deployment
Published
29 January 2020 01:00
Text

BOSCH-SA-815013-BT: A path traversal vulnerability exists in the BVMS NoTouch deployment. If this vulnerability is exploited an unauthenticated attacker without local shell access to a BVMS Central Server system is able to fetch arbitrary data from the file system of the Central Server computer. Under specific circumstances an attack can ...

September 2019
Title
Hard-coded Credentials in Access Professional Edition 3.7 downwards (CVE-2019-11898)
Published
11 September 2019 02:00
Text

BOSCH-SA-710832-BT: A recently discovered security vulnerability affects Access Professional Edition (APE) installations of versions 3.7 and downwards. The vulnerability enables unauthorized access to sensitive data of the APE system. In cases where a software update is not possible, a reduction in the system’s network exposure is advised. Internet-accessible installations should ...

Title
Improper Access Control in Access Professional Edition 3.7 downwards (CVE-2019-11899)
Published
11 September 2019 02:00
Text

BOSCH-SA-844044-BT: A recently discovered security vulnerability affects Access Professional Edition (APE) installations of versions 3.7 and downwards. The vulnerability enables unauthorized access to sensitive data of the APE system. In cases where a software update is not possible, a reduction in the system’s network exposure is advised. Internet-accessible installations should ...

Title
Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution
Published
3 September 2019 02:00
Text

BOSCH-SA-553243-BT: A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. Bosch relies on a Microsoft Windows operating system for several products. Consequently, some devices are affected ...
