The Bosch Product Security Incident Response Team (PSIRT) is the central point of contact for external security researchers, partners, and customers to report security information related to products of Bosch and its brands.
If you believe you have identified a potential vulnerability or security incident in a Bosch Product or service, feel free to contact us using our Vulnerability Reporting process. We strongly encourage you to encrypt all communication with the Bosch PSIRT. Our S/MIME public key and fingerprint is available at the bottom of each page.
The Bosch Responsible Disclosure Policy is located here: Responsible Disclosure Policy
Acknowledgment of those who have helped us secure Bosch web services is located here
Acknowledgment of those who have helped us secure Bosch products is located here
- BOSCH-2019-0204: Insecure Permissions in Smart Camera App for Android Security Advisory (CVE-2019-7729)
- BOSCH-2019-0202: Improper Certificate Validation in Smart Camera App for Android Security Advisory (CVE-2019-7728)
- BOSCH-2019-0201: Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory
- BOSCH-2019-0101-BT: DIVAR 400 & 600 series Vulnerability
- BOSCH-2018-1203: Bosch Smart Home Camera Vulnerability (CVE-2018-20299)
- BOSCH-2018-1202-BT: Bosch IP Camera Vulnerability (CVE-2018-19036)
- BOSCH-2018-1201: Bosch Access Easy Controller 2.1
- BOSCH-2018-1101: Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory
- BOSCH-2017-0201: Bosch Drivelog Connector
- BOSCH-2016-0501: Bosch BMA222E Acoustic Resonance Interference
- BOSCH-2016-0701: Bosch Rexroth BLADEcontrol-WebVIS