Security Advisories
Below listed Security Advisories (SA) inform you about identified security vulnerabilities in our product or service and proposed solutions.
2022
| Security Advisory ID | Assigned CVE IDs | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| Security Advisory ID | Assigned CVE IDs - CVE-2022-32534 - CVE-2022-32535 - CVE-2022-32536 - Multiple CVEs in 3rd party components | Title Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch BOSCH-SA-247052-BT | CVSS* Score 9.8 | Affected Bosch Products Bosch PRA-ES8P2S <= 1.01.05 | Publication Date 2022-06-22 | Last Update 2022-06-22 |
| Security Advisory ID | Assigned CVE IDs CVE-2022-22965 | Title Improper Control of Generation of Code in Bosch MATRIX | CVSS* Score 9.8 | Affected Bosch Products Bosch MATRIX >= 3.3 Bosch MATRIX <= 3.6 Bosch MATRIX <= 3.7.6 Bosch MATRIX <= 3.8.4 | Publication Date 2022-04-27 | Last Update 2022-04-27 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-23850, CVE-2021-23851 | Title Buffer Overflow Vulnerability in Recovery Image | CVSS* Score 6.8 6.8 | Affected Bosch Products IP Cameras | Publication Date 2022-03-30 | Last Update 2022-04-08 |
| Security Advisory ID | Assigned CVE IDs CVE-2018-1285 | Title Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability | CVSS* Score 9.8 | Affected Bosch Products Bosch FSM-10000 Client <= 5.6.2131 Bosch FSM-10000 Server <= 5.6.630 Bosch FSM-10k Client <= 5.6.2131 Bosch FSM-10k Server <= 5.6.630 Bosch FSM-2500 Client <= 5.6.2131 Bosch FSM-2500 Server <= 5.6.630 Bosch FSM-5000 Client <= 5.6.2131 Bosch FSM-5000 Server <= 5.6.630 | Publication Date 2022-03-23 | Last Update 2022-03-23 |
| Security Advisory ID | Assigned CVE IDs CVE-2018-1285 | Title Improper Restriction of XML External Entity Reference in BVMS | CVSS* Score 9.8 | Affected Bosch Products Bosch BVMS <= 9.0.0 Bosch BVMS 10.0 <= 10.0.2 Bosch BVMS 10.1 <= 10.1.1 Bosch BVMS 11.0 <= 11.1.0 Bosch DIVAR IP 7000 R2 Bosch DIVAR IP all-in-one 5000 Bosch DIVAR IP all-in-one 7000 | Publication Date 2022-03-16 | Last Update 2022-03-16 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-23863 | Title Injection of arbitrary HTML code in Bosch Video Security Android App | CVSS* Score 6.1 | Affected Bosch Products Video Security Android App | Publication Date 2022-01-26 | Last Update 2022-01-26 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-23842 CVE-2021-23843 | Title Multiple vulnerabilities in Bosch AMC2 (Access Modular Controller) | CVSS* Score 5.7 8.8 | Affected Bosch Products AMC2 AMS < 4.0 APE <= 3.8.x BIS < 4.9.1 | Publication Date 2022-01-19 | Last Update 2022-01-28 |
2021
| Security Advisory ID | Assigned CVE IDs | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| Security Advisory ID | Assigned CVE IDs CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 | Title Log4j Vulnerabilities - Impact on PRAESENSA Advanced Public Address Server (PRA-APAS) | CVSS* Score 10.0 9.0 7.5 | Affected Bosch Products PRAESENSA PRA-APAS | Publication Date 2021-12-22 | Last Update 2021-12-22 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-23859, CVE-2021-23860, CVE-2021-23861, CVE-2021-23862 | Title Multiple Vulnerabilities in Bosch BT software products | CVSS* Score 9.1 5.0 6.5 7.2 | Affected Bosch Products AEC, APE, BIS, BVMS, VRM, DIVAR IP, VJD 7513 & 8000 | Publication Date 2021-12-08 | Last Update 2021-12-08 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-23849 | Title Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras | CVSS* Score 7.5 | Affected Bosch Products IP Cameras | Publication Date 2021-08-04 | Last Update 2021-10-07 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-23847, CVE-2021-23848, CVE-2021-23852, CVE-2021-23853, CVE-2021-23854 | Title Multiple vulnerabilities in Bosch IP cameras | CVSS* Score 9.8 8.3 4.9 8.3 8.3 | Affected Bosch Products IP Cameras | Publication Date 2021-06-09 | Last Update 2021-06-09 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-23845, CVE-2021-23846 | Title Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M | CVSS* Score 8.0 8.8 | Affected Bosch Products Bosch B426, B426-CN/B429-CN, B426-M | Publication Date 2021-05-28 | Last Update 2021-05-28 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6785, CVE-2020-6786, CVE-2020-6787, CVE-2020-6788, CVE-2020-6789, CVE-2020-6790, CVE-2020-6771 | Title Software Vulnerabilities: Uncontrolled Search Path Element | CVSS* Score 7.8 | Affected Bosch Products BVMS, BVMS Viewer, VRM Installer, IP Helper, Bosch Video Client Installer, Bosch Configuration Manager Installer, Bosch Monitor Wall Installer, Bosch Video Streaming Gateway Installer, DIVAR IP 7000 R2, DIVAR IP all-in-one 5000, DIVAR IP all-in-one 7000 | Publication Date 2021-03-24 | Last Update 2021-03-30 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-3011 | Title Side Channel Key Extraction IP Cameras and Encoders Vulnerability | CVSS* Score 4.2 | Affected Bosch Products IP Cameras, Encoders | Publication Date 2021-03-03 | Last Update 2021-03-03 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6779, CVE-2020-6780 | Title Two vulnerabilities in Bosch Fire Monitoring System (FSM) | CVSS* Score 10.0 4.4 | Affected Bosch Products FSM | Publication Date 2021-01-20 | Last Update 2021-01-20 |
2020
| Security Advisory ID | Assigned CVE IDs | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| Security Advisory ID | Assigned CVE IDs CVE-2020-6776, CVE-2020-6777, CVE-2020-15688 | Title Vulnerabilities in Bosch PRAESIDEO and PRAESENSA | CVSS* Score 8.8 4.8 7.5 | Affected Bosch Products PRAESIDEO PRAESENSA | Publication Date 2020-09-30 | Last Update 2020-09-30 |
| Security Advisory ID | Assigned CVE IDs CVE-2017-0144, CVE-2019-0708, CVE-2020-6774 | Title Multiple Vulnerabilities in Bosch Recording Station (BRS) | CVSS* Score 8.1 9.8 9.3 | Affected Bosch Products Bosch Recording Station (BRS) | Publication Date 2020-05-27 | Last Update 2020-05-27 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6767 | Title Path Traversal BVMS Vulnerability | CVSS* Score 7.7 | Affected Bosch Products DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older | Publication Date 2020-01-29 | Last Update 2020-01-29 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6768 | Title NoTouch deployment service BVMS Vulnerability | CVSS* Score 8.6 | Affected Bosch Products DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older | Publication Date 2020-01-29 | Last Update 2020-01-29 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6769 | Title Missing Authentication for Critical Function Video Streaming Gateway Vulnerability | CVSS* Score 10.0 | Affected Bosch Products DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, DIVAR IP 2000, DIVAR IP 5000, Bosch Video Streaming Gateway (VSG) 6.45 and older | Publication Date 2020-01-29 | Last Update 2020-01-29 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6770 | Title Deserialization of Untrusted Data - BVMS Mobile Video Service Vulnerability | CVSS* Score 10.0 | Affected Bosch Products DIVAR IP 3000, DIVAR IP 7000, BVMS 10.0 and older | Publication Date 2020-01-29 | Last Update 2020-01-29 |
2019
| Security Advisory ID | Version | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| Security Advisory ID | Version 1.0 | Title Unauthorized access to sensitive data by reverse engineering one of the APE service tools | CVSS* Score 9.9 | Affected Bosch Products Access Professional Edition (APE) 3.7 downwards | Publication Date 2019-09-11 | Last Update 2019-09-11 |
| Security Advisory ID | Version 1.0 | Title Unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation | CVSS* Score 8.8 | Affected Bosch Products Access Professional Edition (APE) 3.7 downwards | Publication Date 2019-09-11 | Last Update 2019-09-11 |
| Security Advisory ID | Version 1.02 | Title Unauthenticated Certificate Access | CVSS* Score 9.9 | Affected Bosch Products Video Recording Manager, DIVAR IP 5000, Bosch Video Management System | Publication Date 2019-05-09 | Last Update 2022-02-09 |
| Security Advisory ID | Version 1.00 | Title Software Buffer Overflow | CVSS* Score 9.8 | Affected Bosch Products Bosch Video Management System, DIVAR IP, Video Recording Manager, Video Streaming Gateway, Configuration Manager, Building Integration System with Video Engine, Access Professional Edition, Access Easy Controller, Bosch Video Client, Video SDK | Publication Date 2019-04-03 | Last Update 2019-04-03 |
| Security Advisory ID | Version 1.00 | Title Improper Access Control | CVSS* Score 9.8 | Affected Bosch Products Bosch Video Management System, DIVAR IP, Configuration Manager, Building Integration System with Video Engine, Access Professional Edition, Access Easy Controller, Bosch Video Client, Video SDK | Publication Date 2019-04-03 | Last Update 2019-04-03 |
| Security Advisory ID | Version 1.00 | Title Open Redirect | CVSS* Score 6.1 | Affected Bosch Products Video Recording Manager | Publication Date 2019-04-03 | Last Update 2019-04-03 |
| Security Advisory ID | Version 1.00 | Title Path Traversal | CVSS* Score 4.9 | Affected Bosch Products Video Recording Manager | Publication Date 2019-04-03 | Last Update 2019-04-03 |
| Security Advisory ID | Version 1.02 | Title Security Advisory Access Easy Controller 2.1 | CVSS* Score 6.5 | Affected Bosch Products Access Easy Controller 2.1 | Publication Date 2018-12-03 | Last Update 2019‑02‑28 |
| Security Advisory ID | Version 1.1 | Title DIVAR 400 & 600 series Vulnerability | CVSS* Score 10 | Affected Bosch Products DIVAR 400 & 600 series Vulnerability | Publication Date 2019‑01‑09 | Last Update 2019‑01‑18 |
2018
| Security Advisory ID | Version | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| Security Advisory ID | Version 1.05 | Title IP Camera Vulnerability | CVSS* Score 9.4 | Affected Bosch Products Bosch IP Cameras | Publication Date 2018‑12‑12 | Last Update 20228‑02‑09 |