Ga naar de hoofdinhoud
Bosch Security and Safety Systems I België

Beveiligingsadviezen

Onderstaande beveiligingsadviezen (Security Advisories) informeren u over geïdentificeerde beveiligingslekken in ons product of onze service en voorgestelde oplossingen.

2023

Security
Advisory ID 		Assigned CVE
IDs 		CVSS* Score Affected
Bosch Products 		Title Publication
Date 		Last Update
Security
Advisory ID
BOSCH-SA-893251-BT
Assigned CVE
IDs
  • CVE-2023-34999
 CVSS* Score
8.4
Affected
Bosch Products
  • RTS VLink Virtual Matrix Software
 Title
Remote Code Execution in RTS VLink Virtual Matrix
Publication
Date
2023-08-30
Last Update
2023-08-30
Security
Advisory ID
BOSCH-SA-247054-BT
Assigned CVE
IDs
  • Multiple CVEs in 3rd party components (see Advisory)
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch PRA-ES8P2S
 Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
Publication
Date
2023-07-26
Last Update
2023-07-26
Security
Advisory ID
BOSCH-SA-988400-BT
Assigned CVE
IDs
  • CVE-2023-29241
 CVSS* Score
8.1
Affected
Bosch Products
  • Bosch BIS
 Title
Update in Cybersecurity Guidebook of BIS on Permission Settings for Network Share
Publication
Date
2023-06-28
Last Update
2023-06-28
Security
Advisory ID
BOSCH-SA-839739-BT
Assigned CVE
IDs
  • CVE-2022-41677
 CVSS* Score
5.3
Affected
Bosch Products
  • Bosch Camera Firmware
Title
Information Disclosure Vulnerability in Bosch IP cameras
Publication
Date
2023-06-28
Last Update
2023-07-31
Security
Advisory ID
BOSCH-SA-435698-BT
Assigned CVE
IDs
  • CVE-2023-32229
 CVSS* Score
4.9
Affected
Bosch Products
  • Bosch Camera Firmware
 Title
Possible damage of secure element in Bosch IP cameras
Publication
Date
2023-05-31
Last Update
2023-05-31
Security
Advisory ID
BOSCH-SA-110112-BT
Assigned CVE
IDs
  • CVE-2021-26701
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch AMS
  • Bosch BIS
  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch Bosch DIVAR IP 7000 R2
  • Bosch Bosch DIVAR IP all-in-one 5000
  • Bosch Bosch DIVAR IP all-in-one 7000
  • Bosch Bosch DIVAR IP all-in-one 7000 R3
  • Bosch DIVAR IP all-in-one 4000
  • Bosch DIVAR IP all-in-one 6000
 Title
.NET Remote Code Execution Vulnerability in BVMS, BIS and AMS
Publication
Date
2023-05-24
Last Update
2023-05-24
Security
Advisory ID
BOSCH-SA-391095
Assigned CVE
IDs
  • CVE-2023-32228
 CVSS* Score
4.6
Affected
Bosch Products
  • Bosch AMS
  • Bosch BIS
 Title
Vulnerability in Wiegand card data interpretation
Publication
Date
2023-05-24
Last Update
2023-05-24
Security
Advisory ID
BOSCH-SA-025794-BT
Assigned CVE
IDs
  • CVE-2023-28175
 CVSS* Score
7.1
Affected
Bosch Products
  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch Bosch DIVAR IP 3000
  • Bosch Bosch DIVAR IP 7000 R1
  • Bosch Bosch DIVAR IP 7000 R2
  • Bosch Bosch DIVAR IP all-in-one 5000
  • Bosch Bosch DIVAR IP all-in-one 7000
  • Bosch Bosch DIVAR IP all-in-one 7000 R3
  • Bosch DIVAR IP all-in-one 4000
  • Bosch DIVAR IP all-in-one 6000
 Title
Unrestricted SSH port forwarding in BVMS
Publication
Date
2023-05-24
Last Update
2023-05-24
Security
Advisory ID
BOSCH-SA-341298-BT
Assigned CVE
IDs
  • CVE-2022-47648
CVSS* Score
7.6
Affected
Bosch Products
  • Bosch B420
 Title
Insecure authentication in B420 legacy communication module
Publication
Date
2023-04-26
Last Update
2023-04-26
*CVSS - Common Vulnerability Scoring System

2022

Security
Advisory ID 		Assigned CVE
IDs 		CVSS* Score Affected
Bosch Products 		Title Publication
Date 		Last Update
Security
Advisory ID
BOSCH-SA-247053-BT
Assigned CVE
IDs
  • Multiple CVEs in 3rd party components (see Advisory)
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch PRA-ES8P2S
Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
Publication
Date
2022-11-23
Last Update
2023-06-28
Security
Advisory ID
BOSCH-SA-454166-BT
Assigned CVE
IDs
  • CVE-2022-40183
  • CVE-2022-40184
 CVSS* Score
5.8
Affected
Bosch Products
  • Bosch VIDEOJET multi 4000
 Title
Multiple Cross Site Scripting vulnerabilities in Bosch VIDEOJET multi 4000
Publication
Date
2022-10-19
Last Update
2023-01-18
Security
Advisory ID
BOSCH-SA-609377-BT
Assigned CVE
IDs
  • Multiple CVEs in 3rd party components (see Advisory)
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch DSA E2800 Base units
  • Bosch DSA E2800 Dual Controllers
 Title
Multiple Vulnerabilities in NetApp DSA E2800 series
Publication
Date
2022-10-19
Last Update
2022-12-07
Security
Advisory ID
BOSCH-SA-464066-BT
Assigned CVE
IDs
  • CVE-2022-32540
 CVSS* Score
7.4
Affected
Bosch Products
  • Bosch BVMS
  • Bosch VJD-7513
 Title
Information Disclosure in VIDEOJET Decoder and Operator Client
application in BVMS
Publication
Date
2022-09-21
Last Update
2022-09-21
Security
Advisory ID
BOSCH-SA-013924-BT
Assigned CVE
IDs
  • CVE-2022-36301
  • CVE-2022-36302
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch BF-OS
 Title
Multiple Vulnerabilities in BF-OS
Publication
Date
2022-08-01
Last Update
2022-11-03
Security
Advisory ID
BOSCH-SA-247052-BT
Assigned CVE
IDs
  • CVE-2022-32534
  • CVE-2022-32535
  • CVE-2022-32536
  • Multiple CVEs in 3rd party components
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch PRA-ES8P2S
 Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
BOSCH-SA-247052-BT
Publication
Date
2022-06-22
Last Update
2023-02-08
Security
Advisory ID
BOSCH-SA-309239-BT
Assigned CVE
IDs
  • CVE-2022-22965
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch MATRIX
 Title
Improper Control of Generation of Code in Bosch MATRIX
Publication
Date
2022-04-27
Last Update
2022-04-27
Security
Advisory ID
BOSCH-SA-446276-BT
Assigned CVE
IDs
  • CVE-2021-23850
  • CVE-2021-23851
 CVSS* Score
6.8
Affected
Bosch Products
  • Bosch CPP Firmware
 Title
Buffer Overflow Vulnerability in Recovery Image
Publication
Date
2022-03-30
Last Update
2022-09-07
Security
Advisory ID
BOSCH-SA-479793-BT
Assigned CVE
IDs
  • CVE-2018-1285
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch FSM-10000 Client
  • Bosch FSM-10000 Server
  • Bosch FSM-10k Client
  • Bosch FSM-10k Server
  • Bosch FSM-2500 Client
  • Bosch FSM-2500 Server
  • Bosch FSM-5000 Client
  • Bosch FSM-5000 Server
 Title
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Publication
Date
2022-03-23
Last Update
2022-03-23
Security
Advisory ID
BOSCH-SA-506619-BT
Assigned CVE
IDs
  • CVE-2018-1285
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch BVMS
  • Bosch DIVAR IP 7000 R2
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP all-in-one 7000
 Title
Improper Restriction of XML External Entity Reference in BVMS
Publication
Date
2022-03-16
Last Update
2022-03-16
Security
Advisory ID
BOSCH-SA-844050-BT
Assigned CVE
IDs
  • CVE-2021-23863
 CVSS* Score
6.1
Affected
Bosch Products
  • Bosch Video Security Android Application
 Title
Injection of arbitrary HTML code in Bosch Video Security Android App
Publication
Date
2022-01-26
Last Update
2022-09-07
Security
Advisory ID
BOSCH-SA-940448-BT
Assigned CVE
IDs
  • CVE-2021-23842
  • CVE-2021-23843
 CVSS* Score
8.8
Affected
Bosch Products
  • Bosch AMC2
  • Bosch AMS
  • Bosch APE
  • Bosch BIS
Title
Multiple vulnerabilities in Bosch AMC2 (Access Modular Controller)
Publication
Date
2022-01-19
Last Update
2022-01-28
*CVSS - Common Vulnerability Scoring System

2021

Security
Advisory ID 		Assigned CVE
IDs 		CVSS* Score Affected
Bosch Products 		Title Publication
Date 		Last Update
Security
Advisory ID
BOSCH-SA-993110-BT
Assigned CVE
IDs
  • CVE-2021-44228
  • CVE-2021-45046
  • CVE-2021-45105
 CVSS* Score
10.0
Affected
Bosch Products
  • Bosch PRA-APAS
Title
Log4j Vulnerabilities - Impact on PRAESENSA Advanced Public Address
Server (PRA-APAS)
Publication
Date
2021-12-22
Last Update
2021-12-22
Security
Advisory ID
BOSCH-SA-043434-BT
Assigned CVE
IDs
  • CVE-2021-23859
  • CVE-2021-23860
  • CVE-2021-23861
  • CVE-2021-23862
 CVSS* Score
9.1
Affected
Bosch Products
  • Bosch AEC
  • Bosch APE
  • Bosch BIS
  • Bosch BVMS
  • Bosch DIVAR IP 7000 R2
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP all-in-one 7000
  • Bosch VJD-7513
  • Bosch VJD-8000
  • Bosch VRM
  • Bosch VRM Exporter
 Title
Multiple Vulnerabilities in Bosch BT software products
Publication
Date
2021-12-08
Last Update
2021-12-08
Security
Advisory ID
BOSCH-SA-033305-BT
Assigned CVE
IDs
  • CVE-2021-23849
 CVSS* Score
7.5
Affected
Bosch Products
  • Bosch CPP Firmware
 Title
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Publication
Date
2021-08-04
Last Update
2021-10-07
Security
Advisory ID
BOSCH-SA-478243-BT
Assigned CVE
IDs
  • CVE-2021-23847
  • CVE-2021-23848
  • CVE-2021-23852
  • CVE-2021-23853
  • CVE-2021-23854
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch CPP Firmware
 Title
Multiple vulnerabilities in Bosch IP cameras
Publication
Date
2021-06-09
Last Update
2021-06-09
Security
Advisory ID
BOSCH-SA-196933-BT
Assigned CVE
IDs
  • CVE-2021-23845
  • CVE-2021-23846
 CVSS* Score
8.8
Affected
Bosch Products
  • Bosch B426 Firmware
  • Bosch B426-CN/B429- CN Firmware
  • Bosch B426-M Firmware
  • Bosch B426 Firmware
Title
Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M
Publication
Date
2021-05-28
Last Update
2023-02-03
Security
Advisory ID
BOSCH-SA-835563-BT
Assigned CVE
IDs
  • CVE-2020-6785
  • CVE-2020-6786
  • CVE-2020-6787
  • CVE-2020-6788
  • CVE-2020-6789
  • CVE-2020-6790
  • CVE-2020-6771
 CVSS* Score
7.8
Affected
Bosch Products
  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch Configuration Manager
  • Bosch DIVAR IP 7000 R2
  • DIVAR IP all-in-one 5000
  • DIVAR IP all-in-one 7000
  • Bosch IP Helper
  • Bosch Monitor Wall
  • Bosch Video Client
  • Bosch Video Recording Manager
  • Bosch Video Streaming Gateway
 Title
Software Vulnerabilities: Uncontrolled Search Path Element
Publication
Date
2021-03-24
Last Update
2021-03-30
Security
Advisory ID
BOSCH-SA-762869-BT
Assigned CVE
IDs
  • CVE-2021-3011
 CVSS* Score
4.2
Affected
Bosch Products
  • Bosch cameras and encoders built on platforms CPP-ENC, CPP3, CPP4, CPP5, CPP6, CPP7 and CPP7.3
 Title
Side Channel Key Extraction IP Cameras and Encoders Vulnerability
Publication
Date
2021-03-03
Last Update
2021-03-03
Security
Advisory ID
BOSCH-SA- 332072 -BT
Assigned CVE
IDs
  • CVE-2020-6779
  • CVE-2020-6780
 CVSS* Score
10.0
Affected
Bosch Products
  • Bosch FSM-2500
  • Bosch FSM-5000
 Title
Two vulnerabilities in Bosch Fire Monitoring System (FSM)
Publication
Date
2021-01-20
Last Update
2021-01-20
*CVSS - Common Vulnerability Scoring System

2020

Security
Advisory ID 		Assigned CVE
IDs 		CVSS* Score Affected
Bosch Products 		Title Publication
Date 		Last Update
Security
Advisory ID
BOSCH-SA-538331-BT
Assigned CVE
IDs
  • CVE-2020-6776
  • CVE-2020-6777
  • CVE-2020-15688
 CVSS* Score
8.8
Affected
Bosch Products
  • Bosch PRAESENSA
  • Bosch PRAESIDEO
Title
Vulnerabilities in Bosch PRAESIDEO and PRAESENSA
Publication
Date
2020-09-30
Last Update
2020-09-30
Security
Advisory ID
BOSCH-SA-363824-BT
Assigned CVE
IDs
  • CVE-2017-0144
  • CVE-2019-0708
  • CVE-2020-6774
 CVSS* Score
9.8
 Affected
Bosch Products
  • Bosch Recording Station
 Title
Multiple Vulnerabilities in Bosch Recording Station (BRS)
Publication
Date
2020-05-27
Last Update
2020-05-27
Security
Advisory ID
BOSCH-SA-381489-BT
Assigned CVE
IDs
  • CVE-2020-6767
 CVSS* Score
7.7
Affected
Bosch Products
  • Bosch Video Management System (BVMS)
  • Bosch BVMS Viewer
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
 Title
Path Traversal BVMS Vulnerability
Publication
Date
2020-01-29
Last Update
2020-01-29
Security
Advisory ID
BOSCH-SA-815013-BT
Assigned CVE
IDs
  • CVE-2020-6768
 CVSS* Score
8.6
Affected
Bosch Products
  • Bosch Video Management System (BVMS)
  • Bosch BVMS Viewer
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
 Title
NoTouch deployment service BVMS Vulnerability
Publication
Date
2020-01-29
Last Update
2020-01-29
Security
Advisory ID
BOSCH-SA-260625-BT
Assigned CVE
IDs
  • CVE-2020-6769
 CVSS* Score
10.0
Affected
Bosch Products
  • Bosch Video Streaming Gateway
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 5000
 Title
Missing Authentication for Critical Function Video Streaming Gateway Vulnerability
Publication
Date
2020-01-29
Last Update
2020-01-29
Security
Advisory ID
BOSCH-SA-885551-BT
Assigned CVE
IDs
  • CVE-2020-6770
 CVSS* Score
10.0
Affected
Bosch Products
  • Bosch BVMS Mobile Video Service
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
 Title
Deserialization of Untrusted Data - BVMS Mobile Video Service Vulnerability
Publication
Date
2020-01-29
Last Update
2020-01-29
*CVSS - Common Vulnerability Scoring System

2019

Security
Advisory ID 		Assigned CVE IDs CVSS* Score Affected
Bosch Products 		Title Publication
Date 		Last Update
Security
Advisory ID
BOSCH-SA-710832-BT
Assigned CVE IDs
  • CVE-2019-11898
 CVSS* Score
9.9
Affected
Bosch Products
  • Bosch Access Professional Edition
 Title
Hard-coded Credentials in Access Professional Edition 3.7 downwards
Publication
Date
2019-09-11
Last Update
2019-09-11
Security
Advisory ID
BOSCH-SA-844044-BT
Assigned CVE IDs
  • CVE-2019-11899
 CVSS* Score
8.8
Affected
Bosch Products
  • Bosch Access Professional Edition
 Title
Improper Access Control in Access Professional Edition 3.7 downwards
Publication
Date
2019-09-11
Last Update
2019-09-11
Security
Advisory ID
BOSCH-SA-553243-BT
Assigned CVE IDs
  • CVE-2019-1181
  • CVE-2019-1182
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 5000
  • Bosch DIVAR IP 6000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
  • Bosch HP Server DL380
  • Bosch HP Workstation
  • Bosch UGM 2040 plus
  • Bosch VIDEOJET decoder 7000
  • Bosch VIDEOJET decoder 8000
 Title
Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution
Publication
Date
2019-09-03
Last Update
2019-09-03
Security
Advisory ID
BOSCH-SA-425803-BT
Assigned CVE IDs
  • CVE-2019-0708
 CVSS* Score
9.8
Affected
Bosch Products
  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 6000
  • Bosch DIVAR IP 7000
  • Bosch HP Workstation
  • Bosch HP Server DL 380
  • Bosch VIDEOJET decoder 7000
  • Bosch VIDEOJET decoder 8000
Title
Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution
Publication
Date
2019-06-12
Last Update
2019-06-12
Security
Advisory ID
BOSCH-SA-804652-BT
Assigned CVE IDs
  • CVE-2019-11684
 CVSS* Score
9.9
Affected
Bosch Products
  • Bosch Video Recording Manager
 Title
Unauthenticated Certificate Access in Video Recording Manager
Publication
Date
2019-05-09
Last Update
2022-02-09
Security
Advisory ID
BOSCH-2019-0403-BT
Assigned CVE IDs
  • CVE-2019-6957
 CVSS* Score
9.8
Affected
Bosch Products
Bosch Video Management System,
DIVAR IP,
Video Recording Manager,
Video Streaming Gateway,
Configuration Manager,
Building Integration System with Video Engine,
Access Professional Edition,
Access Easy Controller,
Bosch Video Client,
Video SDK
Title
Software Buffer Overflow
Publication
Date
2019-04-03
Last Update
2019-04-03
Security
Advisory ID
BOSCH-2019-0404-BT
Assigned CVE IDs
  • CVE-2019-6958
 CVSS* Score
9.8
Affected
Bosch Products
Bosch Video Management System,
DIVAR IP,
Configuration Manager,
Building Integration System with Video Engine,
Access Professional Edition,
Access Easy Controller,
Bosch Video Client,
Video SDK
Title
Improper Access Control
Publication
Date
2019-04-03
Last Update
2019-04-03
Security
Advisory ID
BOSCH-2019-0401-BT
Assigned CVE IDs
  • CVE-2019-8951
 CVSS* Score
6.1
Affected
Bosch Products
Video Recording Manager
Title
Open Redirect
Publication
Date
2019-04-03
Last Update
2019-04-03
Security
Advisory ID
BOSCH-2019-0402-BT
Assigned CVE IDs
  • CVE-2019-8952
 CVSS* Score
4.9
Affected
Bosch Products
Video Recording Manager
Title
Path Traversal
Publication
Date
2019-04-03
Last Update
2019-04-03
Security
Advisory ID
BOSCH‑2019‑0101‑BT
Assigned CVE IDs
CVSS* Score
10
Affected
Bosch Products
  • Bosch digital recorder DVR 400 & 600 series
 Title
DIVAR 400 & 600 series Vulnerability
Publication
Date
2019‑01‑09
Last Update
2019‑01‑18
*CVSS - Common Vulnerability Scoring System

2018

Security
Advisory ID 		Assigned CVE IDs CVSS* Score Affected
Bosch Products 		Title Publication
Date 		Last Update
Security
Advisory ID
BOSCH‑2018 ‑1202‑BT
Assigned CVE IDs
  • CVE-2018-19036
CVSS* Score
9.4
Affected
Bosch Products
  • AUTODOME IP
  • AVIOTEC IP
  • DINION HD
  • DINION IP
  • EXTEGRA IP
  • FLEXIDOME HD
  • Vandal-proof FLEXIDOME HD
  • FLEXIDOME IP
  • IP bullet
  • IP micro
  • MIC IP
  • TINYON IP
 Title
Bosch IP Camera Vulnerability
Publication
Date
2018‑12‑12
Last Update
2022-02-10
*CVSS - Common Vulnerability Scoring System