Skip to main content
Bosch Security and Safety Systems I Latin America

Security Advisories

Below listed Security Advisories (SA) inform you about identified security vulnerabilities in our product or service and proposed solutions.

2022

Security
Advisory ID
Assigned CVE
IDs
CVSS* Score Affected
Bosch Products
Title Publication
Date
Last Update
Security
Advisory ID
Assigned CVE
IDs
  • Multiple CVEs in 3rd party components (see Advisory)
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch PRA-ES8P2S
Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
Publication
Date
2022-11-23
Last Update
2022-11-23
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2022-40183
  • CVE-2022-40184
CVSS* Score
5.8
Affected
Bosch Products
  • Bosch VIDEOJET multi 4000
Title
Multiple Cross Site Scripting vulnerabilities in Bosch VIDEOJET multi 4000
Publication
Date
2022-10-19
Last Update
2022-10-19
Security
Advisory ID
Assigned CVE
IDs
  • Multiple CVEs in 3rd party components (see Advisory)
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch DSA E2800 Base units
  • Bosch DSA E2800 Dual Controllers
Title
Multiple Vulnerabilities in NetApp DSA E2800 series
Publication
Date
2022-10-19
Last Update
2022-12-07
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2022-32540
CVSS* Score
7.4
Affected
Bosch Products
  • Bosch BVMS
  • Bosch VJD-7513
Title
Information Disclosure in VIDEOJET Decoder and Operator Client
application in BVMS
Publication
Date
2022-09-21
Last Update
2022-09-21
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2022-36301
  • CVE-2022-36302
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch BF-OS
Title
Multiple Vulnerabilities in BF-OS
Publication
Date
2022-08-01
Last Update
2022-11-03
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2022-32534
  • CVE-2022-32535
  • CVE-2022-32536
  • Multiple CVEs in 3rd party components
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch PRA-ES8P2S
Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
BOSCH-SA-247052-BT
Publication
Date
2022-06-22
Last Update
2022-11-23
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2022-22965
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch MATRIX
Title
Improper Control of Generation of Code in Bosch MATRIX
Publication
Date
2022-04-27
Last Update
2022-04-27
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2021-23850
  • CVE-2021-23851
CVSS* Score
6.8
Affected
Bosch Products
  • Bosch CPP Firmware
Title
Buffer Overflow Vulnerability in Recovery Image
Publication
Date
2022-03-30
Last Update
2022-09-07
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2018-1285
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch FSM-10000 Client
  • Bosch FSM-10000 Server
  • Bosch FSM-10k Client
  • Bosch FSM-10k Server
  • Bosch FSM-2500 Client
  • Bosch FSM-2500 Server
  • Bosch FSM-5000 Client
  • Bosch FSM-5000 Server
Title
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Publication
Date
2022-03-23
Last Update
2022-03-23
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2018-1285
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch BVMS
  • Bosch DIVAR IP 7000 R2
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP all-in-one 7000
Title
Improper Restriction of XML External Entity Reference in BVMS
Publication
Date
2022-03-16
Last Update
2022-03-16
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2021-23863
CVSS* Score
6.1
Affected
Bosch Products
  • Bosch Video Security Android Application
Title
Injection of arbitrary HTML code in Bosch Video Security Android App
Publication
Date
2022-01-26
Last Update
2022-09-07
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2021-23842
  • CVE-2021-23843
CVSS* Score
8.8
Affected
Bosch Products
  • Bosch AMC2
  • Bosch AMS
  • Bosch APE
  • Bosch BIS
Title
Multiple vulnerabilities in Bosch AMC2 (Access Modular Controller)
Publication
Date
2022-01-19
Last Update
2022-01-28
*CVSS - Common Vulnerability Scoring System

2021

Security
Advisory ID
Assigned CVE
IDs
CVSS* Score Affected
Bosch Products
Title Publication
Date
Last Update
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2021-44228
  • CVE-2021-45046
  • CVE-2021-45105
CVSS* Score
10.0
Affected
Bosch Products
  • Bosch PRA-APAS
Title
Log4j Vulnerabilities - Impact on PRAESENSA Advanced Public Address
Server (PRA-APAS)
Publication
Date
2021-12-22
Last Update
2021-12-22
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2021-23859
  • CVE-2021-23860
  • CVE-2021-23861
  • CVE-2021-23862
CVSS* Score
9.1
Affected
Bosch Products
  • Bosch AEC
  • Bosch APE
  • Bosch BIS
  • Bosch BVMS
  • Bosch DIVAR IP 7000 R2
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP all-in-one 7000
  • Bosch VJD-7513
  • Bosch VJD-8000
  • Bosch VRM
  • Bosch VRM Exporter
Title
Multiple Vulnerabilities in Bosch BT software products
Publication
Date
2021-12-08
Last Update
2021-12-08
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2021-23849
CVSS* Score
7.5
Affected
Bosch Products
  • Bosch CPP Firmware
Title
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Publication
Date
2021-08-04
Last Update
2021-10-07
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2021-23847
  • CVE-2021-23848
  • CVE-2021-23852
  • CVE-2021-23853
  • CVE-2021-23854
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch CPP Firmware
Title
Multiple vulnerabilities in Bosch IP cameras
Publication
Date
2021-06-09
Last Update
2021-06-09
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2021-23845
  • CVE-2021-23846
CVSS* Score
8.8
Affected
Bosch Products
  • Bosch B426 Firmware
  • Bosch B426-CN/B429- CN Firmware
  • Bosch B426-M Firmware
  • Bosch B426 Firmware
Title
Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M
Publication
Date
2021-05-28
Last Update
2021-05-28
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2020-6785
  • CVE-2020-6786
  • CVE-2020-6787
  • CVE-2020-6788
  • CVE-2020-6789
  • CVE-2020-6790
  • CVE-2020-6771
CVSS* Score
7.8
Affected
Bosch Products
  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch Configuration Manager
  • Bosch DIVAR IP 7000 R2
  • DIVAR IP all-in-one 5000
  • DIVAR IP all-in-one 7000
  • Bosch IP Helper
  • Bosch Monitor Wall
  • Bosch Video Client
  • Bosch Video Recording Manager
  • Bosch Video Streaming Gateway
Title
Software Vulnerabilities: Uncontrolled Search Path Element
Publication
Date
2021-03-24
Last Update
2021-03-30
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2021-3011
CVSS* Score
4.2
Affected
Bosch Products
  • Bosch cameras and encoders built on platforms CPP-ENC, CPP3, CPP4, CPP5, CPP6, CPP7 and CPP7.3
Title
Side Channel Key Extraction IP Cameras and Encoders Vulnerability
Publication
Date
2021-03-03
Last Update
2021-03-03
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2020-6779
  • CVE-2020-6780
CVSS* Score
10.0
Affected
Bosch Products
  • Bosch FSM-2500
  • Bosch FSM-5000
Title
Two vulnerabilities in Bosch Fire Monitoring System (FSM)
Publication
Date
2021-01-20
Last Update
2021-01-20
*CVSS - Common Vulnerability Scoring System

2020

Security
Advisory ID
Assigned CVE
IDs
CVSS* Score Affected
Bosch Products
Title Publication
Date
Last Update
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2020-6776
  • CVE-2020-6777
  • CVE-2020-15688
CVSS* Score
8.8
Affected
Bosch Products
  • Bosch PRAESENSA
  • Bosch PRAESIDEO
Title
Vulnerabilities in Bosch PRAESIDEO and PRAESENSA
Publication
Date
2020-09-30
Last Update
2020-09-30
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2017-0144
  • CVE-2019-0708
  • CVE-2020-6774
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch Recording Station
Title
Multiple Vulnerabilities in Bosch Recording Station (BRS)
Publication
Date
2020-05-27
Last Update
2020-05-27
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2020-6767
CVSS* Score
7.7
Affected
Bosch Products
  • Bosch Video Management System (BVMS)
  • Bosch BVMS Viewer
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
Title
Path Traversal BVMS Vulnerability
Publication
Date
2020-01-29
Last Update
2020-01-29
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2020-6768
CVSS* Score
8.6
Affected
Bosch Products
  • Bosch Video Management System (BVMS)
  • Bosch BVMS Viewer
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
Title
NoTouch deployment service BVMS Vulnerability
Publication
Date
2020-01-29
Last Update
2020-01-29
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2020-6769
CVSS* Score
10.0
Affected
Bosch Products
  • Bosch Video Streaming Gateway
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 5000
Title
Missing Authentication for Critical Function Video Streaming Gateway Vulnerability
Publication
Date
2020-01-29
Last Update
2020-01-29
Security
Advisory ID
Assigned CVE
IDs
  • CVE-2020-6770
CVSS* Score
10.0
Affected
Bosch Products
  • Bosch BVMS Mobile Video Service
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
Title
Deserialization of Untrusted Data - BVMS Mobile Video Service Vulnerability
Publication
Date
2020-01-29
Last Update
2020-01-29
*CVSS - Common Vulnerability Scoring System

2019

Security
Advisory ID
Assigned CVE IDs CVSS* Score Affected
Bosch Products
Title Publication
Date
Last Update
Security
Advisory ID
Assigned CVE IDs
  • CVE-2019-11898
CVSS* Score
9.9
Affected
Bosch Products
  • Bosch Access Professional Edition
Title
Hard-coded Credentials in Access Professional Edition 3.7 downwards
Publication
Date
2019-09-11
Last Update
2019-09-11
Security
Advisory ID
Assigned CVE IDs
  • CVE-2019-11899
CVSS* Score
8.8
Affected
Bosch Products
  • Bosch Access Professional Edition
Title
Improper Access Control in Access Professional Edition 3.7 downwards
Publication
Date
2019-09-11
Last Update
2019-09-11
Security
Advisory ID
Assigned CVE IDs
  • CVE-2019-1181
  • CVE-2019-1182
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 5000
  • Bosch DIVAR IP 6000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
  • Bosch HP Server DL380
  • Bosch HP Workstation
  • Bosch UGM 2040 plus
  • Bosch VIDEOJET decoder 7000
  • Bosch VIDEOJET decoder 8000
Title
Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution
Publication
Date
2019-09-03
Last Update
2019-09-03
Security
Advisory ID
Assigned CVE IDs
  • CVE-2019-0708
CVSS* Score
9.8
Affected
Bosch Products
  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 6000
  • Bosch DIVAR IP 7000
  • Bosch HP Workstation
  • Bosch HP Server DL 380
  • Bosch VIDEOJET decoder 7000
  • Bosch VIDEOJET decoder 8000
Title
Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution
Publication
Date
2019-06-12
Last Update
2019-06-12
Security
Advisory ID
Assigned CVE IDs
  • CVE-2019-11684
CVSS* Score
9.9
Affected
Bosch Products
  • Bosch Video Recording Manager
Title
Unauthenticated Certificate Access in Video Recording Manager
Publication
Date
2019-05-09
Last Update
2022-02-09
Security
Advisory ID
Assigned CVE IDs
  • CVE-2019-6957
CVSS* Score
9.8
Affected
Bosch Products
Bosch Video Management System,
DIVAR IP,
Video Recording Manager,
Video Streaming Gateway,
Configuration Manager,
Building Integration System with Video Engine,
Access Professional Edition,
Access Easy Controller,
Bosch Video Client,
Video SDK
Title
Software Buffer Overflow
Publication
Date
2019-04-03
Last Update
2019-04-03
Security
Advisory ID
Assigned CVE IDs
  • CVE-2019-6958
CVSS* Score
9.8
Affected
Bosch Products
Bosch Video Management System,
DIVAR IP,
Configuration Manager,
Building Integration System with Video Engine,
Access Professional Edition,
Access Easy Controller,
Bosch Video Client,
Video SDK
Title
Improper Access Control
Publication
Date
2019-04-03
Last Update
2019-04-03
Security
Advisory ID
Assigned CVE IDs
  • CVE-2019-8951
CVSS* Score
6.1
Affected
Bosch Products
Video Recording Manager
Title
Open Redirect
Publication
Date
2019-04-03
Last Update
2019-04-03
Security
Advisory ID
Assigned CVE IDs
  • CVE-2019-8952
CVSS* Score
4.9
Affected
Bosch Products
Video Recording Manager
Title
Path Traversal
Publication
Date
2019-04-03
Last Update
2019-04-03
Security
Advisory ID
Assigned CVE IDs
CVSS* Score
10
Affected
Bosch Products
  • Bosch digital recorder DVR 400 & 600 series
Title
DIVAR 400 & 600 series Vulnerability
Publication
Date
2019‑01‑09
Last Update
2019‑01‑18
*CVSS - Common Vulnerability Scoring System

2018

Security
Advisory ID
Assigned CVE IDs CVSS* Score Affected
Bosch Products
Title Publication
Date
Last Update
Security
Advisory ID
Assigned CVE IDs
  • CVE-2018-19036
CVSS* Score
9.4
Affected
Bosch Products
  • AUTODOME IP
  • AVIOTEC IP
  • DINION HD
  • DINION IP
  • EXTEGRA IP
  • FLEXIDOME HD
  • Vandal-proof FLEXIDOME HD
  • FLEXIDOME IP
  • IP bullet
  • IP micro
  • MIC IP
  • TINYON IP
Title
Bosch IP Camera Vulnerability
Publication
Date
2018‑12‑12
Last Update
2022-02-10
*CVSS - Common Vulnerability Scoring System