Bosch PSIRT Security Advisories

Information about security vulnerabilities affecting Bosch products.

2021

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-SA-033305-BT	Assigned CVE IDs CVE-2021-23849	CVSS Score* 7.5	Affected Products Bosch CPP Firmware	Title Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras	Publication Date 2021-08-04	Last Update 2021-08-04
Security Advisory ID BOSCH-SA-670099	Assigned CVE IDs CVE-2021-30186 CVE-2021-30188 CVE-2021-30189 CVE-2021-30190 CVE-2021-30191 CVE-2021-30192 CVE-2021-30193 CVE-2021-30194 CVE-2021-30195	CVSS Score* 9.8	Affected Products Bosch Rexroth CS351E-D IL Bosch Rexroth CS351E-G IL Bosch Rexroth CS351S-D IL Bosch Rexroth CS351S-G IL Bosch Rexroth KE350G IL	Title Vulnerabilities in CODESYS V2 runtime systems	Publication Date 2021-07-20	Last Update 2021-07-20
Security Advisory ID BOSCH-SA-475180	Assigned CVE IDs CVE-2021-30186 CVE-2021-30188 CVE-2021-30195	CVSS Score* 9.8	Affected Products Bosch Rexroth IndraLogic Bosch Rexroth IndraMotion MLC Bosch Rexroth IndraMotion MLD Bosch Rexroth IndraMotion MTX Bosch Rexroth SYNAX Bosch Rexroth Visual Motion	Title Vulnerabilities in CODESYS V2 runtime systems	Publication Date 2021-07-09	Last Update 2021-07-09
Security Advisory ID BOSCH-SA-478243-BT	Assigned CVE IDs CVE-2021-23847 CVE-2021-23848 CVE-2021-23852 CVE-2021-23853 CVE-2021-23854	CVSS Score* 9.8	Affected Products Bosch CPP Firmware	Title Multiple vulnerabilities in Bosch IP cameras	Publication Date 2021-06-09	Last Update 2021-06-09
Security Advisory ID BOSCH-SA-196933-BT	Assigned CVE IDs CVE-2021-23845 CVE-2021-23846	CVSS Score* 8.8	Affected Products Bosch B426 Firmware Bosch B426-CN/B429- CN Firmware Bosch B426-M Firmware Bosch B426 Firmware	Title Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M	Publication Date 2021-05-28	Last Update 2021-05-28
Security Advisory ID BOSCH-SA-350374	Assigned CVE IDs CVE-2021-29242	CVSS Score* 7.3	Affected Products Bosch Rexroth IndraMotion MLC Bosch Rexroth IndraMotion MLD Bosch Rexroth IndraMotion MTX Bosch Rexroth ctrlX CORE PLC App	Title Vulnerability in the routing protocol of the PLC runtime	Publication Date 2021-05-19	Last Update 2021-05-19
Security Advisory ID BOSCH-SA-017743	Assigned CVE IDs CVE-2020-26116 CVE-2020-27619 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-3177 CVE-2021-3449	CVSS Score* 9.8	Affected Products ctrlX CORE - IDE App	Title ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities	Publication Date 2021-04-30	Last Update 2021-04-30
Security Advisory ID BOSCH-SA-428397	Assigned CVE IDs n/a	CVSS Score* n/a	Affected Products Rexroth R-IL ETH BK DI8 DO4 2TX-PAC Rexroth R-IL PN BK DI8 DO4-PAC Rexroth R-IL S3 BK DI8 DO4-PAC Rexroth S20-EC-BK Rexroth S20-EIP-BK Rexroth S20-ETH-BK Rexroth S20-PN-BK+ Rexroth S20-S3-BK+	Title FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline	Publication Date 2021-04-30	Last Update 2021-04-30
Security Advisory ID BOSCH-SA-918106	Assigned CVE IDs CVE-2020-27815 CVE-2020-27830 CVE-2020-28374 CVE-2020-28941 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2021-20232 CVE-2021-24031 CVE-2021-24032 CVE-2021-27218 CVE-2021-27219 CVE-2021-27803	CVSS Score* 9.1	Affected Products Rexroth IoT Gateway ctrlX CORE Runtime	Title ctrlX Multiple Vulnerabilities	Publication Date 2021-04-23	Last Update 2021-04-23
Security Advisory ID BOSCH-SA-282922	Assigned CVE IDs CVE-2021-20987	CVSS Score* 7.5	Affected Products Bosch Rexroth ActiveMover	Title Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol	Publication Date 2021-03-31	Last Update 2021-03-31
Security Advisory ID BOSCH-SA-637429	Assigned CVE IDs CVE-2021-20986	CVSS Score* 7.5	Affected Products Bosch Rexroth ActiveMover	Title Denial of Service in Rexroth ActiveMover using Profinet protocol	Publication Date 2021-03-31	Last Update 2021-03-31
Security Advisory ID BOSCH-SA-835563-BT	Assigned CVE IDs CVE-2020-6771 CVE-2020-6785 CVE-2020-6786 CVE-2020-6787 CVE-2020-6788 CVE-2020-6789 CVE-2020-6790	CVSS Score* 7.8	Affected Products Bosch BVMS Bosch BVMS Viewer Bosch Configuration Manager Bosch DIVAR IP 7000 R2 DIVAR IP all-in-one 5000 DIVAR IP all-in-one 7000 Bosch IP Helper Bosch Monitor Wall Bosch Video Client Bosch Video Recording Manager Bosch Video Streaming Gateway	Title Uncontrolled Search Path Element in Multiple Bosch Products	Publication Date 2021-03-24	Last Update 2021-03-30
Security Advisory ID BOSCH-SA-762869-BT	Assigned CVE IDs CVE-2021-3011	CVSS Score* 4.2	Affected Products Bosch cameras and encoders built on platforms CPP-ENC, CPP3, CPP4, CPP5, CPP6, CPP7 and CPP7.3	Title Side Channel Key Extraction Vulnerability in Bosch IP Cameras and Encoders	Publication Date 2021-03-03	Last Update 2021-03-03
Security Advisory ID BOSCH-SA-372917	Assigned CVE IDs CVE-2020-29661 CVE-2021-3156 CVE-2021-3347	CVSS Score* 7.8	Affected Products Rexroth IoT Gateway ctrlX CORE Runtime	Title Privilege Escalation via sudo and Linux kernel in Bosch Rexroth Products	Publication Date 2021-02-24	Last Update 2021-02-24
Security Advisory ID BOSCH-SA-775371	Assigned CVE IDs CVE-2020-25159	CVSS Score* 9.8	Affected Products Rexroth ID 200/C-ETH	Title Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol	Publication Date 2021-01-27	Last Update 2021-01-27
Security Advisory ID BOSCH-SA-332072-BT	Assigned CVE IDs CVE-2020-6779 CVE-2020-6780	CVSS Score* 10	Affected Products Bosch FSM-2500 Bosch FSM-5000	Title Two Vulnerabilities in Bosch Fire Monitoring System (FSM)	Publication Date 2021-01-20	Last Update 2021-01-20

*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2020

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-SA-274557	Assigned CVE IDs CVE-2020-1971	CVSS Score* 5.9	Affected Products ctrlX CORE Runtime ctrlX WORKS ctrlX CORE OPC UA Client ctrlX CORE OPC UA Server	Title ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971	Publication Date 2020-12-18	Last Update 2021-01-21
Security Advisory ID BOSCH-SA-152060	Assigned CVE IDs CVE-2019-5105 CVE-2020-7052	CVSS Score* 7.5	Affected Products Rexroth IndraMotion MTX Rexroth IndraMotion MLC Rexroth IndraMotion MLD	Title Denial of Service in PLC Runtime affecting Rexroth IndraMotion Products	Publication Date 2020-12-16	Last Update 2020-12-16
Security Advisory ID BOSCH-SA-387388	Assigned CVE IDs CVE-2019-18858 CVE-2019-5105 CVE-2019-9010 CVE-2019-9012 CVE-2019-9013 CVE-2020-10245	CVSS Score* 10.0	Affected Products Rexroth PRC7000	Title Multiple Vulnerabilities in 3S CODESYS Runtime in Rexroth PRC7000	Publication Date 2020-12-16	Last Update 2020-12-16
Security Advisory ID BOSCH-SA-856281	Assigned CVE IDs CVE-2019-0708	CVSS Score* 9.8	Affected Products Rexroth VEP15.6 Rexroth VEP21.6 Rexroth VEP30.5 Rexroth VEP40.5 Rexroth VEP50.5 Rexroth VPB40.3 Rexroth VPB40.4 Rexroth VPP16 Rexroth VPP40 Rexroth VPP60	Title Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs	Publication Date 2020-10-13	Last Update 2020-10-13
Security Advisory ID BOSCH-SA-538331-BT	Assigned CVE IDs CVE-2020-6776 CVE-2020-6777 CVE-2020-15688	CVSS Score* 8.8	Affected Products Bosch PRAESENSA Bosch PRAESIDEO	Title Vulnerabilities in Bosch PRAESIDEO and PRAESENSA	Publication Date 2020-09-30	Last Update 2020-09-30
Security Advisory ID BOSCH-SA-231483	Assigned CVE IDs CVE-2020-14513 CVE-2020-14519 CVE-2020-14509 CVE-2020-14517 CVE-2020-16233 CVE-2020-14515	CVSS Score* 10.0	Affected Products Rexroth ActiveAssist Tool localization extension module Rexroth Laser Localization Software	Title WIBU Systems CodeMeter Runtime Vulnerabilities in Rexroth Products	Publication Date 2020-09-25	Last Update 2020-09-25
Security Advisory ID BOSCH-SA-347336	Assigned CVE IDs CVE-2020-6781	CVSS Score* 6.8	Affected Products Bosch Smart Home iOS App	Title Improper Certificate Validation in Bosch Smart Home System App for iOS	Publication Date 2020-08-25	Last Update 2020-08-25
Security Advisory ID BOSCH-SA-363824-BT	Assigned CVE IDs CVE-2017-0144 CVE-2019-0708 CVE-2020-6774	CVSS Score* 9.8	Affected Products Bosch Recording Station	Title Multiple Vulnerabilities in Bosch Recording Station (BRS)	Publication Date 2020-05-27	Last Update 2020-05-27
Security Advisory ID BOSCH-SA-645125	Assigned CVE IDs CVE-2018-16994	CVSS Score* 7.5	Affected Products Rexroth S20-PN-BK+ Rexroth S20-ETH-BK	Title Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK	Publication Date 2020-03-16	Last Update 2020-03-16
Security Advisory ID BOSCH-SA-885551-BT	Assigned CVE IDs CVE-2020-6770	CVSS Score* 10.0	Affected Products Bosch BVMS Mobile Video Service Bosch DIVAR IP 3000 Bosch DIVAR IP 7000	Title Deserialization of Untrusted Data in Bosch BVMS Mobile Video Service	Publication Date 2020-01-29	Last Update 2020-01-29
Security Advisory ID BOSCH-SA-260625-BT	Assigned CVE IDs CVE-2020-6769	CVSS Score* 10.0	Affected Products Bosch Video Streaming Gateway Bosch DIVAR IP 3000 Bosch DIVAR IP 7000 Bosch DIVAR IP all-in-one 5000 Bosch DIVAR IP 2000 Bosch DIVAR IP 5000	Title Missing Authentication for Critical Function in Bosch Video Streaming Gateway	Publication Date 2020-01-29	Last Update 2020-01-29
Security Advisory ID BOSCH-SA-815013-BT	Assigned CVE IDs CVE-2020-6768	CVSS Score* 8.6	Affected Products Bosch Video Management System (BVMS) Bosch BVMS Viewer Bosch DIVAR IP 3000 Bosch DIVAR IP 7000 Bosch DIVAR IP all-in-one 5000	Title Path Traversal in Bosch Video Management System NoTouch deployment	Publication Date 2020-01-29	Last Update 2020-02-11
Security Advisory ID BOSCH-SA-381489-BT	Assigned CVE IDs CVE-2020-6767	CVSS Score* 7.7	Affected Products Bosch Video Management System (BVMS) Bosch BVMS Viewer Bosch DIVAR IP 3000 Bosch DIVAR IP 7000 Bosch DIVAR IP all-in-one 5000	Title Path Traversal in Bosch Video Management System	Publication Date 2020-01-29	Last Update 2020-02-11

2019

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-SA-844044-BT	Assigned CVE IDs CVE-2019-11899	CVSS Score* 8.8	Affected Products Bosch Access Professional Edition	Title Improper Access Control in Access Professional Edition 3.7 downwards	Publication Date 2019-09-11	Last Update 2019-09-11
Security Advisory ID BOSCH-SA-710832-BT	Assigned CVE IDs CVE-2019-11898	CVSS Score* 9.9	Affected Products Bosch Access Professional Edition	Title Hard-coded Credentials in Access Professional Edition 3.7 downwards	Publication Date 2019-09-11	Last Update 2019-09-11
Security Advisory ID BOSCH-SA-553243-BT	Assigned CVE IDs CVE-2019-1181 CVE-2019-1182	CVSS Score* 9.8	Affected Products Bosch DIVAR IP 2000 Bosch DIVAR IP 3000 Bosch DIVAR IP 5000 Bosch DIVAR IP 6000 Bosch DIVAR IP 7000 Bosch DIVAR IP all-in-one 5000 Bosch HP Server DL380 Bosch HP Workstation Bosch UGM 2040 plus Bosch VIDEOJET decoder 7000 Bosch VIDEOJET decoder 8000	Title Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution	Publication Date 2019-09-03	Last Update 2019-09-03
Security Advisory ID BOSCH-SA-562575	Assigned CVE IDs CVE-2019-11601 CVE-2019-11897 CVE-2019-11602 CVE-2019-11603	CVSS Score* 9.1	Affected Products ProSyst mBS SDK < 8.2.6 Bosch IoT Gateway Software < 9.0.2 Bosch IoT Gateway Software < 9.2.0 Bosch IoT Gateway Software < 9.3.0	Title Multiple Vulnerabilities in ProSyst mBS SDK and Bosch IoT Gateway Software	Publication Date 2019-08-19	Last Update 2020-03-16
Security Advisory ID BOSCH-SA-761722	Assigned CVE IDs CVE-2019-12256 CVE-2019-12257 CVE-2019-12255 CVE-2019-12260 CVE-2019-12261 CVE-2019-12263 CVE-2019-12258 CVE-2019-12259 CVE-2019-12262 CVE-2019-12264 CVE-2019-12265	CVSS Score* 9.8	Affected Products Rexroth embedded controls CML75, MLC/XLC firmware version < 14V22 Rexroth embedded controls XM21, XM22, XM42, MLC firmware version < 14V22 Rexroth industrial PC VPB40.4, firmware version < 14V22 Rexroth embedded controls CML75, CML85, MTX firmware version (all versions)	Title VxWorks security updates in Bosch Rexroth controllers	Publication Date 2019-08-08	Last Update 2019-08-08
Security Advisory ID BOSCH-SA-425803-BT	Assigned CVE IDs CVE-2019-0708	CVSS Score* 9.8	Affected Products Bosch DIVAR IP 2000 Bosch DIVAR IP 3000 Bosch DIVAR IP 6000 Bosch DIVAR IP 7000 Bosch HP Workstation Bosch HP Server DL 380 Bosch VIDEOJET decoder 7000 Bosch VIDEOJET decoder 8000	Title Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution	Publication Date 2019-06-12	Last Update 2019-06-12
Security Advisory ID BOSCH-SA-662084	Assigned CVE IDs CVE-2019-11601 CVE-2019-11602 CVE-2019-11603 CVE-2019-11891 CVE-2019-11892 CVE-2019-11893 CVE-2019-11894 CVE-2019-11895 CVE-2019-11896 CVE-2019-11897	CVSS Score* 9.1	Affected Products Bosch Smart Home Controller	Title Multiple Vulnerabilities in Bosch Smart Home Controller	Publication Date 2019-05-29	Last Update 2019-05-29
Security Advisory ID BOSCH-SA-804652-BT	Assigned CVE IDs CVE-2019-11684	CVSS Score* 9.9	Affected Products Bosch Video Recording Manager	Title Unauthenticated Certificate Access in Video Recording Manager	Publication Date 2019-05-09	Last Update 2019-05-22
Security Advisory ID BOSCH-2019-0404-BT	Assigned CVE IDs CVE-2019-6958	CVSS Score* 9.8	Affected Products Bosch Video Management Systems (BVMS) DIVAR IP products Configuration Manager Video SDK (VSDK) Bosch Video Client (BVC) Building Integration System (BIS) Access Professional Edition (APE) Access Easy Controller (AEC)	Title Improper Access Control in Bosch Security Systems Software for Video, PSIM and Access Control Systems	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0403-BT	Assigned CVE IDs CVE-2019-6957	CVSS Score* 9.8	Affected Products Bosch Video Management Systems (BVMS) DIVAR IP products Video Recording Manager (VRM) software Configuration Manager Video SDK (VSDK) Bosch Video Client (BVC) Building Integration System (BIS) Access Professional Edition (APE) Access Easy Controller (AEC)	Title Buffer Overflow in Bosch Security Systems Software for Video, PSIM and Access	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0402-BT	Assigned CVE IDs CVE-2019-8952	CVSS Score* 4.9	Affected Products Hardware: Bosch DIVAR IP 2000 Bosch DIVAR IP 5000 Software: Video Recording Manager (VRM) Bosch Video Management System (BVMS)	Title Path Traversal Vulnerability in Video Recording Manager	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0401-BT	Assigned CVE IDs CVE-2019-8951	CVSS Score* 6.1	Affected Products Hardware: Bosch DIVAR IP 2000 Bosch DIVAR IP 5000 Software: Video Recording Manager (VRM) Bosch Video Management System (BVMS)	Title Open Redirect Vulnerability in Video Recording Manager	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0204	Assigned CVE IDs CVE-2019-7729	CVSS Score* 4.8	Affected Products Smart Camera App for Android < 1.3.1	Title Insecure Permissions in Smart Camera App for Android	Publication Date 2019-02-22	Last Update 2019-02-22
Security Advisory ID BOSCH-2019-0202	Assigned CVE IDs CVE-2019-7728	CVSS Score* 8.3	Affected Products Smart Camera App for Android < 1.3.1	Title Improper Certificate Validation in Smart Camera App for Android	Publication Date 2019-02-22	Last Update 2019-02-22
Security Advisory ID BOSCH-2019-0201	Assigned CVE IDs	CVSS Score* 9.8	Affected Products All projects created with WinStudio versions prior to 7.4 SP1 All projects created with IndraWorks versions prior to 15V02	Title Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory	Publication Date 2019-02-18	Last Update 2019-02-18
Security Advisory ID BOSCH-2019-0101-BT	Assigned CVE IDs	CVSS Score* 10	Affected Products Bosch digital recorder DVR 400 & 600 series	Title DIVAR 400 & 600 series Vulnerability	Publication Date 2019-01-22	Last Update 2019-01-22

2018

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-2018-1203	Assigned CVE IDs CVE-2018-20299	CVSS Score* 9.4	Affected Products 360° Indoor Camera < 6.52.4 Eyes Outdoor Camera < 6.52.4	Title Bosch Smart Home Camera Vulnerability	Publication Date 2018-12-18	Last Update 2018-12-20
Security Advisory ID BOSCH-2018-1202-BT	Assigned CVE IDs CVE-2018-19036	CVSS Score* 9.4	Affected Products AUTODOME IP AVIOTEC IP DINION HD DINION IP EXTEGRA IP FLEXIDOME HD Vandal-proof FLEXIDOME HD FLEXIDOME IP IP bullet IP micro MIC IP TINYON IP	Title Bosch IP Camera Vulnerability	Publication Date 2018-12-12	Last Update 2018-12-12
Security Advisory ID BOSCH-2018-1201	Assigned CVE IDs	CVSS Score* 6.5	Affected Products Access Easy Controller 2.1	Title Bosch Access Easy Controller 2.1	Publication Date 2018-12-03	Last Update 2018-12-03
Security Advisory ID BOSCH-2018-1101	Assigned CVE IDs	CVSS Score* 9.8	Affected Products All projects created with WinStudio versions prior to 7.4 SP1 All projects created with IndraWorks versions prior to 15V02	Title Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory	Publication Date 2018-11-27	Last Update 2018-11-27

2017

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-2017-0201	Assigned CVE IDs	CVSS Score* 6.5	Affected Products Bosch Drivelog Connector	Title Bosch Drivelog Connector	Publication Date 2017-04-13	Last Update 2017-04-13
Security Advisory ID BOSCH-2016-0501	Assigned CVE IDs	CVSS Score* 2.9	Affected Products Bosch BMA222E	Title Bosch BMA222E Acoustic Resonance Interference	Publication Date 2017-03-14	Last Update 2017-03-14

2016

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-2016-0701	Assigned CVE IDs	CVSS Score* 6.4	Affected Products Bosch Rexroth BLADEcontrol-WebVIS	Title Bosch Rexroth BLADEcontrol-WebVIS	Publication Date 2016-07-22	Last Update 2017-03-14

Atom / RSS Feeds

Subscribe to our feed(s) to be notified about new Security Advisories.

Bosch PSIRT

E-mail

psirt@bosch.com

Report a Vulnerability here

View Security Advisories

Bosch PSIRT public keys

Search our S/MIME key here
_{Fingerprint: 87:F1:6F:70:60:D2:94:83:82:AC:69:F5:46:86:7C:80:7F:86:1D:F0}

Find our PGP Key here
_{Fingerprint: C472 B7F2 92E1 59FA 18B6 7725 0379 8EFD B0BB 0EB1}