Security Advisories
Below listed Security Advisories (SA) inform you about identified security vulnerabilities in our product or service and proposed solutions.
2021
| Security Advisory ID | Assigned CVE IDs | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| Security Advisory ID | Assigned CVE IDs CVE-2021-23849 | Title Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras | CVSS* Score 7.5 | Affected Bosch Products IP Cameras | Publication Date 2021-08-04 | Last Update 2021-10-07 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-23847, CVE-2021-23848, CVE-2021-23852, CVE-2021-23853, CVE-2021-23854 | Title Multiple vulnerabilities in Bosch IP cameras | CVSS* Score 9.8 8.3 4.9 8.3 8.3 | Affected Bosch Products IP Cameras | Publication Date 2021-06-09 | Last Update 2021-06-09 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-23845, CVE-2021-23846 | Title Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M | CVSS* Score 8.0 8.8 | Affected Bosch Products Bosch B426, B426-CN/B429-CN, B426-M | Publication Date 2021-05-28 | Last Update 2021-05-28 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6785, CVE-2020-6786, CVE-2020-6787, CVE-2020-6788, CVE-2020-6789, CVE-2020-6790, CVE-2020-6771 | Title Software Vulnerabilities: Uncontrolled Search Path Element | CVSS* Score 7.8 | Affected Bosch Products BVMS, BVMS Viewer, VRM Installer, IP Helper, Bosch Video Client Installer, Bosch Configuration Manager Installer, Bosch Monitor Wall Installer, Bosch Video Streaming Gateway Installer, DIVAR IP 7000 R2, DIVAR IP all-in-one 5000, DIVAR IP all-in-one 7000 | Publication Date 2021-03-24 | Last Update 2021-03-30 |
| Security Advisory ID | Assigned CVE IDs CVE-2021-3011 | Title Side Channel Key Extraction IP Cameras and Encoders Vulnerability | CVSS* Score 4.2 | Affected Bosch Products IP Cameras, Encoders | Publication Date 2021-03-03 | Last Update 2021-03-03 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6779, CVE-2020-6780 | Title Two vulnerabilities in Bosch Fire Monitoring System (FSM) | CVSS* Score 10.0 4.4 | Affected Bosch Products FSM | Publication Date 2021-01-20 | Last Update 2021-01-20 |
2020
| Security Advisory ID | Assigned CVE IDs | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| Security Advisory ID | Assigned CVE IDs CVE-2020-6776, CVE-2020-6777, CVE-2020-15688 | Title Vulnerabilities in Bosch PRAESIDEO and PRAESENSA | CVSS* Score 8.8 4.8 7.5 | Affected Bosch Products PRAESIDEO PRAESENSA | Publication Date 2020-09-30 | Last Update 2020-09-30 |
| Security Advisory ID | Assigned CVE IDs CVE-2017-0144, CVE-2019-0708, CVE-2020-6774 | Title Multiple Vulnerabilities in Bosch Recording Station (BRS) | CVSS* Score 8.1 9.8 9.3 | Affected Bosch Products Bosch Recording Station (BRS) | Publication Date 2020-05-27 | Last Update 2020-05-27 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6767 | Title Path Traversal BVMS Vulnerability | CVSS* Score 7.7 | Affected Bosch Products DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older | Publication Date 2020-01-29 | Last Update 2020-01-29 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6768 | Title NoTouch deployment service BVMS Vulnerability | CVSS* Score 8.6 | Affected Bosch Products DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older | Publication Date 2020-01-29 | Last Update 2020-01-29 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6769 | Title Missing Authentication for Critical Function Video Streaming Gateway Vulnerability | CVSS* Score 10.0 | Affected Bosch Products DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, DIVAR IP 2000, DIVAR IP 5000, Bosch Video Streaming Gateway (VSG) 6.45 and older | Publication Date 2020-01-29 | Last Update 2020-01-29 |
| Security Advisory ID | Assigned CVE IDs CVE-2020-6770 | Title Deserialization of Untrusted Data - BVMS Mobile Video Service Vulnerability | CVSS* Score 10.0 | Affected Bosch Products DIVAR IP 3000, DIVAR IP 7000, BVMS 10.0 and older | Publication Date 2020-01-29 | Last Update 2020-01-29 |
2019
| Security Advisory ID | Version | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| Security Advisory ID | Version 1.0 | Title Unauthorized access to sensitive data by reverse engineering one of the APE service tools | CVSS* Score 9.9 | Affected Bosch Products Access Professional Edition (APE) 3.7 downwards | Publication Date 2019-09-11 | Last Update 2019-09-11 |
| Security Advisory ID | Version 1.0 | Title Unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation | CVSS* Score 8.8 | Affected Bosch Products Access Professional Edition (APE) 3.7 downwards | Publication Date 2019-09-11 | Last Update 2019-09-11 |
| Security Advisory ID | Version 1.01 | Title Unauthenticated Certificate Access | CVSS* Score 9.9 | Affected Bosch Products Video Recording Manager, DIVAR IP 5000, Bosch Video Management System | Publication Date 2019-05-09 | Last Update 2019-05-22 |
| Security Advisory ID | Version 1.00 | Title Software Buffer Overflow | CVSS* Score 9.8 | Affected Bosch Products Bosch Video Management System, DIVAR IP, Video Recording Manager, Video Streaming Gateway, Configuration Manager, Building Integration System with Video Engine, Access Professional Edition, Access Easy Controller, Bosch Video Client, Video SDK | Publication Date 2019-04-03 | Last Update 2019-04-03 |
| Security Advisory ID | Version 1.00 | Title Improper Access Control | CVSS* Score 9.8 | Affected Bosch Products Bosch Video Management System, DIVAR IP, Configuration Manager, Building Integration System with Video Engine, Access Professional Edition, Access Easy Controller, Bosch Video Client, Video SDK | Publication Date 2019-04-03 | Last Update 2019-04-03 |
| Security Advisory ID | Version 1.00 | Title Open Redirect | CVSS* Score 6.1 | Affected Bosch Products Video Recording Manager | Publication Date 2019-04-03 | Last Update 2019-04-03 |
| Security Advisory ID | Version 1.00 | Title Path Traversal | CVSS* Score 4.9 | Affected Bosch Products Video Recording Manager | Publication Date 2019-04-03 | Last Update 2019-04-03 |
| Security Advisory ID | Version 1.02 | Title Security Advisory Access Easy Controller 2.1 | CVSS* Score 6.5 | Affected Bosch Products Access Easy Controller 2.1 | Publication Date 2018-12-03 | Last Update 2019‑02‑28 |
| Security Advisory ID | Version 1.1 | Title DIVAR 400 & 600 series Vulnerability | CVSS* Score 10 | Affected Bosch Products DIVAR 400 & 600 series Vulnerability | Publication Date 2019‑01‑09 | Last Update 2019‑01‑18 |
2018
| Security Advisory ID | Version | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| Security Advisory ID | Version 1.04 | Title IP Camera Vulnerability | CVSS* Score 9.4 | Affected Bosch Products Bosch IP Cameras | Publication Date 2018‑12‑12 | Last Update 2018‑12‑21 |