BOSCH-SA-940448-BT: The Bosch AMC2 (Access Modular Controller) is a door access controller. It makes access control decisions for a group of up to eight access points. These access points may consist of doors, gates, barriers, turnstiles, revolving doors, man-traps, ID card readers, door opening elements and sensors. The device is designed to fully process the access logic at the assigned entrances.

Two discovered security vulnerabilities allow an unauthenticated attacker to decrypt network traffic and change device configuration. This affects the Bosch products Building Integration System (BIS), Access Management System (AMS), Access Professional Edition (APE), and Access Modular Controller (AMC2).

For more details, please see the description of the vulnerabilities in this advisory.

Bosch rates the vulnerabilities CVE-2021-23842 and CVE-2021-23843 with a CVSS v3.1 Base Score of 5.7 (Medium) and 8.8 (High) respectively. The actual rating depends on the individual vulnerability, and the final rating on the customer's environment.

Customers are strongly advised to update to the fixed versions or consider the listed mitigation.

Both vulnerabilities were discovered by external security researcher Alexander Nochvay of Kaspersky.


https://psirt.bosch.com/security-advisories/bosch-sa-940448-bt.html