Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M

Published

2021-05-28 00:00:00 UTC

Summary

BOSCH-SA-196933-BT: A security vulnerability affects the Bosch B426, B426-CN/B429-CN, and B426-M. The vulnerability is exploitable via the network interface. Bosch rates this vulnerability at 8.0 (High) and recommends customers to update vulnerable components with fixed software versions. A second vulnerable condition was found when using http protocol, in which the user password is transmitted as a clear text parameter. Latest firmware versions allow only https. If a software update is not possible in a timely manner, a reduction in the systems network exposure is advised. Internet-accessible systems should be firewalled. Additional protective steps like network isolation by VLAN. These vulnerabilities were reported by Chizuru Toyama of TXOne IoT/ICS Security Research Labs. ### Impact Under certain circumstances, a malicious or unintended user could gain access to the B426 web server and access the configuration pages without needing to enter login credentials.