Bosch PSIRT Security Advisories
2024-03-18T12:57:56Z
https://psirt.bosch.com/security-advisories/bosch-psirt-security-advisories-rss.xml
Security Advisories by the Bosch PSIRT

Robert Bosch GmbH
2024-03-13T00:00:00
RPS and RPS-LITE operator and communication process vulnerabilities.
<p>BOSCH-SA-099637-BT: Security vulnerabilities related to password use, management and communication processes in RPS and RPS-LITE give a malicious user the potential to compromise the software. Bosch recommends updating to the latest version as soon as possible.
</p>
https://psirt.bosch.com/security-advisories/bosch-sa-099637-bt.html

Robert Bosch GmbH
2024-03-13T00:00:00
BVMS affected by Autodesk Design Review Multiple Vulnerabilities
<p>BOSCH-SA-246962-BT: BVMS was using Autodesk Design Review for showing 2D/3D files. Autodesk has published multiple vulnerabilities which, when successfully exploited, could lead to the execution of arbitrary code.
Starting from BVMS version 11.0, Autodesk Design Review is no longer used in BVMS, but the BVMS setup does not uninstall Autodesk Design Review during a BVMS upgrade. This means that only BVMS systems with version <= 10.1.1.12, or systems upgraded from a BVMS version <= 10.1.1.12 to a higher version, are affected.
- Bosch does not provide any patches for BVMS <= 10.1.1.12
- For BVMS systems upgraded from any BVMS version <= 10.1.1.12, Bosch advises to mitigate the vulnerability.
- Fresh BVMS installations starting from BVMS 11.0 are not affected
Before removing Autodesk Design Review v 9.1.0.127, make sure that it is not used by any other software installed on that machine.
How to check if the system is affected:
1. In the Search bar, search for "add remove" and select "Add remove programs".
2. Check whether Autodesk Design Review v 9.1.0.127 is installed.
</p>
https://psirt.bosch.com/security-advisories/bosch-sa-246962-bt.html

Robert Bosch GmbH
2024-03-06T00:00:00
Git for Windows Multiple Security Vulnerabilities in Bosch DIVAR IP all-in-one Devices
<p>BOSCH-SA-637386-BT: DIVAR IP System Manager is a central user interface that provides easy system setup, configuration and application software upgrades through an easily accessible web-based application.
Multiple Git for Windows vulnerabilities have been discovered in DIVAR IP System Manager versions prior to 2.3.0, affecting several Bosch DIVAR IP all-in-one models.
</p>
https://psirt.bosch.com/security-advisories/bosch-sa-637386-bt.html

Robert Bosch GmbH
2024-03-06T00:00:00
Multiple OpenSSL vulnerabilities in BVMS
<p>BOSCH-SA-090577-BT: BVMS is using a Device Adapter service for communication with Tattile cameras which is also active when no Tattile cameras are added in the BVMS installation. This service uses an OpenSSL library, which has multiple vulnerabilities as published by OpenSSL. When successfully exploited, these vulnerabilities could lead to command injection or denial of service. </p>
https://psirt.bosch.com/security-advisories/bosch-sa-090577-bt.html

Robert Bosch GmbH
2024-01-29T00:00:00
Multiple vulnerabilities in Nexo cordless nutrunner
<p>BOSCH-SA-711465: The Nexo cordless nutrunner running NEXO-OS V1500-SP2 has several vulnerabilities which allow an attacker:
- to read/upload/download/delete arbitrary files in all paths of the system,
- to inject and execute arbitrary client-side script code, arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim's session,
- to authenticate to the web application with high privileges or to the SSH service with root privileges through multiple hidden hard-coded accounts,
- to read or update arbitrary content of the authentication or results database,
- to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE),
- to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim's session,
- to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device,
- to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim's session,
- to perform actions exceeding their authorized access.
</p>
https://psirt.bosch.com/security-advisories/bosch-sa-711465.html

Robert Bosch GmbH
2024-01-09T00:00:00
Open Port 8899 in BCC Thermostat Product
<p>BOSCH-SA-473852: Network port 8899 is always open in BCC101/BCC102/BCC50 thermostat products, which allows an unauthenticated connection from the local WiFi network.
</p>
https://psirt.bosch.com/security-advisories/bosch-sa-473852.html

Robert Bosch GmbH
2023-12-13T00:00:00
Denial of Service vulnerability in Bosch BT software products
<p>BOSCH-SA-092656-BT: A security vulnerability discovered in Bosch internal tests allows an unauthenticated attacker to interrupt normal functions and cause a Denial of Service (DoS).
Bosch rates this vulnerability with a CVSSv3.1 base score of 7.5 (High) for products using the vulnerable function as a server and 5.9 (Medium) for products using the vulnerable function as a client; the actual rating depends on the individual vulnerability, and the final rating on the customer's environment.
Customers are strongly advised to update to the fixed versions.
</p>
https://psirt.bosch.com/security-advisories/bosch-sa-092656-bt.html

Robert Bosch GmbH
2023-12-13T00:00:00
Information Disclosure Vulnerability in Bosch IP cameras
<p>BOSCH-SA-839739-BT: An information disclosure vulnerability was discovered in Bosch IP camera devices that allows an unauthenticated attacker to retrieve information about the device itself (such as its capabilities) and the network settings of the device, possibly disclosing internal network settings if the device is connected to the internet.
This vulnerability was discovered by Souvik Kandar and Arko Dhar from Redinent Innovations, India.
</p>
https://psirt.bosch.com/security-advisories/bosch-sa-839739-bt.html

Robert Bosch GmbH
2023-12-13T00:00:00
Command injection vulnerability in Bosch IP Cameras
<p>BOSCH-SA-638184-BT: A vulnerability was discovered in Bosch IP cameras of the CPP13 and CPP14 families that allows an authenticated user with administrative rights to execute arbitrary commands in the operating system of the camera.
</p>
https://psirt.bosch.com/security-advisories/bosch-sa-638184-bt.html

Robert Bosch GmbH
2023-11-21T00:00:00
Multiple vulnerabilities on ctrlX HMI / WR21
<p>BOSCH-SA-175607: The operating system of the ctrlX HMI/WR21 before build date 20231107 has several vulnerabilities when the kiosk mode is used in conjunction with Google Chrome. In the worst case, an attacker with physical access to the device can therefore obtain root access without passing the normal authentication boundaries. Additionally, the "Android Agent" application, an onboard application of the ctrlX HMI/WR21 before build date 20231107, contains several weaknesses regarding the execution of arbitrary commands on the device. All weaknesses were eliminated in the newest firmware version, to which existing devices can be updated. </p>
https://psirt.bosch.com/security-advisories/bosch-sa-175607.html

Robert Bosch GmbH