Bosch Security and Safety Systems Czech Republic

Security Advisories

Below listed Security Advisories (SA) inform you about identified security vulnerabilities in our product or service and proposed solutions.

2020

ID Assigned CVE IDs Title CVSS* Score Products Date Download
ID
BOSCH-SA-363824-BT
Assigned CVE IDs
CVE-2017-0144,
CVE-2019-0708,
CVE-2020-6774
Title
Multiple Vulnerabilities in Bosch Recording Station (BRS)
CVSS* Score
8.1
9.8
9.3
Products
Bosch Recording Station (BRS)
Date
2020-05-27
Download
ID
BOSCH-SA-381489-BT
Assigned CVE IDs
CVE-2020-6767
Title
Path Traversal BVMS Vulnerability
CVSS* Score
7.7
Products
DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older
Date
2020-01-29
Download
ID
BOSCH-SA-815013-BT
Assigned CVE IDs
CVE-2020-6768
Title
NoTouch deployment service BVMS Vulnerability
CVSS* Score
8.6
Products
DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older
Date
2020-01-29
Download
ID
BOSCH-SA-260625-BT
Assigned CVE IDs
CVE-2020-6769
Title
Missing Authentication for Critical Function Video Streaming Gateway Vulnerability
CVSS* Score
10.0
Products
DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, DIVAR IP 2000, DIVAR IP 5000, Bosch Video Streaming Gateway (VSG) 6.45 and older
Date
2020-01-29
Download
ID
BOSCH-SA-885551-BT
Assigned CVE IDs
CVE-2020-6770
Title
Deserialization of Untrusted Data - BVMS Mobile Video Service Vulnerability
CVSS* Score
10.0
Products
DIVAR IP 3000, DIVAR IP 7000, BVMS 10.0 and older
Date
2020-01-29
Download
*CVSS - Common Vulnerability Scoring System

2019

ID Version Title CVSS* Score Products Date Download
ID
BOSCH-SA-710832-BT
CVE-2019-11898
Version
1.0
Title
Unauthorized access to sensitive data by reverse engineering one of the APE service tools
CVSS* Score
9.9
Products
Access Professional Edition (APE) 3.7 downwards
Date
2019-09-11
Download
ID
BOSCH-SA-844044-BT
CVE-2019-11899
Version
1.0
Title
Unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation
CVSS* Score
8.8
Products
Access Professional Edition (APE) 3.7 downwards
Date
2019-09-11
Download
ID
BOSCH-SA-804652-BT
CVE-2019-11684
Version
1.01
Title
Unauthenticated Certificate Access
CVSS* Score
9.9
Products
Video Recording Manager,
DIVAR IP 5000,
Bosch Video Management System
Date
2019-05-22
Download
ID
BOSCH-2019-0403BT
CVE-2019-6957
Version
1.00
Title
Software Buffer Overflow
CVSS* Score
9.8
Products
Bosch Video Management System,
DIVAR IP,
Video Recording Manager,
Video Streaming Gateway,
Configuration Manager,
Building Integration System with Video Engine,
Access Professional Edition,
Access Easy Controller,
Bosch Video Client,
Video SDK
Date
2019-04-03
Download
ID
BOSCH-2019-0404BT
CVE-2019-6958
Version
1.00
Title
Improper Access Control
CVSS* Score
9.8
Products
Bosch Video Management System,
DIVAR IP,
Configuration Manager,
Building Integration System with Video Engine,
Access Professional Edition,
Access Easy Controller,
Bosch Video Client,
Video SDK
Date
2019-04-03
Download
ID
BOSCH-2019-0401BT
CVE-2019-8951
Version
1.00
Title
Open Redirect
CVSS* Score
6.1
Products
Video Recording Manager
Date
2019-04-03
Download
ID
BOSCH-2019-0402BT
CVE-2019-8952
Version
1.00
Title
Path Traversal
CVSS* Score
4.9
Products
Video Recording Manager
Date
2019-04-03
Download
ID
BOSCH‑2018‑1201
Version
1.02
Title
Security Advisory Access Easy Controller 2.1
CVSS* Score
6.5
Products
Access Easy Controller 2.1
Date
2019‑02‑28
Download
ID
BOSCH‑2019‑0101‑BT
Version
1.1
Title
DIVAR 400 & 600 series Vulnerability
CVSS* Score
10
Products
DIVAR 400 & 600 series Vulnerability
Date
2019‑01‑09
Download
*CVSS - Common Vulnerability Scoring System

2018

ID Version Title CVSS* Score Products Date Download
ID
CVE-2018-19036
BOSCH‑2018‑1202‑BT
Version
1.04
Title
IP Camera Vulnerability
CVSS* Score
9.4
Products
Bosch IP Cameras
Date
2018‑12‑12
Download
*CVSS - Common Vulnerability Scoring System