Bosch PSIRT Security Advisories

Information about security vulnerabilities affecting Bosch products.

2019

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Bosch Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-SA-844044-BT	Assigned CVE IDs CVE-2019-11899	CVSS Score* 8.8	Affected Bosch Products Bosch Access Professional Edition	Title Improper Access Control in Access Professional Edition 3.7 downwards	Publication Date 2019-09-11	Last Update 2019-09-11
Security Advisory ID BOSCH-SA-710832-BT	Assigned CVE IDs CVE-2019-11898	CVSS Score* 9.9	Affected Bosch Products Bosch Access Professional Edition	Title Hard-coded Credentials in Access Professional Edition 3.7 downwards	Publication Date 2019-09-11	Last Update 2019-09-11
Security Advisory ID BOSCH-SA-553243-BT	Assigned CVE IDs CVE-2019-1181 CVE-2019-1182	CVSS Score* 9.8	Affected Bosch Products Bosch DIVAR IP 2000 Bosch DIVAR IP 3000 Bosch DIVAR IP 5000 Bosch DIVAR IP 6000 Bosch DIVAR IP 7000 Bosch DIVAR IP all-in-one 5000 Bosch HP Server DL380 Bosch HP Workstation Bosch UGM 2040 plus Bosch VIDEOJET decoder 7000 Bosch VIDEOJET decoder 8000	Title Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution	Publication Date 2019-09-03	Last Update 2019-09-03
Security Advisory ID BOSCH-SA-562575	Assigned CVE IDs CVE-2019-11601 CVE-2019-11897 CVE-2019-11602 CVE-2019-11603	CVSS Score* 9.1	Affected Bosch Products ProSyst mBS SDK < 8.2.6 Bosch IoT Gateway Software < 9.0.2 Bosch IoT Gateway Software < 9.2.0 Bosch IoT Gateway Software < 9.3.0	Title Multiple Vulnerabilities in ProSyst mBS SDK and Bosch IoT Gateway Software	Publication Date 2019-08-19	Last Update 2019-08-21
Security Advisory ID BOSCH-SA-761722	Assigned CVE IDs CVE-2019-12256 CVE-2019-12257 CVE-2019-12255 CVE-2019-12260 CVE-2019-12261 CVE-2019-12263 CVE-2019-12258 CVE-2019-12259 CVE-2019-12262 CVE-2019-12264 CVE-2019-12265	CVSS Score* 9.8	Affected Bosch Products Rexroth embedded controls CML75, MLC/XLC firmware version < 14V22 Rexroth embedded controls XM21, XM22, XM42, MLC firmware version < 14V22 Rexroth industrial PC VPB40.4, firmware version < 14V22 Rexroth embedded controls CML75, CML85, MTX firmware version (all versions)	Title VxWorks security updates in Bosch Rexroth controllers	Publication Date 2019-08-08	Last Update 2019-08-08
Security Advisory ID BOSCH-SA-425803-BT	Assigned CVE IDs CVE-2019-0708	CVSS Score* 9.8	Affected Bosch Products Bosch DIVAR IP 2000 Bosch DIVAR IP 3000 Bosch DIVAR IP 6000 Bosch DIVAR IP 7000 Bosch HP Workstation Bosch HP Server DL 380 Bosch VIDEOJET decoder 7000 Bosch VIDEOJET decoder 8000	Title Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution	Publication Date 2019-06-12	Last Update 2019-06-12
Security Advisory ID BOSCH-SA-662084	Assigned CVE IDs CVE-2019-11601 CVE-2019-11602 CVE-2019-11603 CVE-2019-11891 CVE-2019-11892 CVE-2019-11893 CVE-2019-11894 CVE-2019-11895 CVE-2019-11896 CVE-2019-11897	CVSS Score* 9.1	Affected Bosch Products Bosch Smart Home Controller	Title Multiple Vulnerabilities in Bosch Smart Home Controller	Publication Date 2019-05-29	Last Update 2019-05-29
Security Advisory ID BOSCH-SA-804652-BT	Assigned CVE IDs CVE-2019-11684	CVSS Score* 9.9	Affected Bosch Products Bosch Video Recording Manager	Title Unauthenticated Certificate Access in Video Recording Manager	Publication Date 2019-05-09	Last Update 2019-05-22
Security Advisory ID BOSCH-2019-0404-BT	Assigned CVE IDs CVE-2019-6958	CVSS Score* 9.8	Affected Bosch Products Bosch Video Management Systems (BVMS) DIVAR IP products Configuration Manager Video SDK (VSDK) Bosch Video Client (BVC) Building Integration System (BIS) Access Professional Edition (APE) Access Easy Controller (AEC)	Title Improper Access Control in Bosch Security Systems Software for Video, PSIM and Access Control Systems	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0403-BT	Assigned CVE IDs CVE-2019-6957	CVSS Score* 9.8	Affected Bosch Products Bosch Video Management Systems (BVMS) DIVAR IP products Video Recording Manager (VRM) software Configuration Manager Video SDK (VSDK) Bosch Video Client (BVC) Building Integration System (BIS) Access Professional Edition (APE) Access Easy Controller (AEC)	Title Buffer Overflow in Bosch Security Systems Software for Video, PSIM and Access	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0402-BT	Assigned CVE IDs CVE-2019-8952	CVSS Score* 4.9	Affected Bosch Products Hardware: Bosch DIVAR IP 2000 Bosch DIVAR IP 5000 Software: Video Recording Manager (VRM) Bosch Video Management System (BVMS)	Title Path Traversal Vulnerability in Video Recording Manager	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0401-BT	Assigned CVE IDs CVE-2019-8951	CVSS Score* 6.1	Affected Bosch Products Hardware: Bosch DIVAR IP 2000 Bosch DIVAR IP 5000 Software: Video Recording Manager (VRM) Bosch Video Management System (BVMS)	Title Open Redirect Vulnerability in Video Recording Manager	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0204	Assigned CVE IDs CVE-2019-7729	CVSS Score* 4.8	Affected Bosch Products Smart Camera App for Android < 1.3.1	Title Insecure Permissions in Smart Camera App for Android	Publication Date 2019-02-22	Last Update 2019-02-22
Security Advisory ID BOSCH-2019-0202	Assigned CVE IDs CVE-2019-7728	CVSS Score* 8.3	Affected Bosch Products Smart Camera App for Android < 1.3.1	Title Improper Certificate Validation in Smart Camera App for Android	Publication Date 2019-02-22	Last Update 2019-02-22
Security Advisory ID BOSCH-2019-0201	Assigned CVE IDs	CVSS Score* 9.8	Affected Bosch Products All projects created with WinStudio versions prior to 7.4 SP1 All projects created with IndraWorks versions prior to 15V02	Title Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory	Publication Date 2019-02-18	Last Update 2019-02-18
Security Advisory ID BOSCH-2019-0101-BT	Assigned CVE IDs	CVSS Score* 10	Affected Bosch Products Bosch digital recorder DVR 400 & 600 series	Title DIVAR 400 & 600 series Vulnerability	Publication Date 2019-01-22	Last Update 2019-01-22

*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2018

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Bosch Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-2018-1203	Assigned CVE IDs CVE-2018-20299	CVSS Score* 9.4	Affected Bosch Products 360° Indoor Camera < 6.52.4 Eyes Outdoor Camera < 6.52.4	Title Bosch Smart Home Camera Vulnerability	Publication Date 2018-12-18	Last Update 2018-12-20
Security Advisory ID BOSCH-2018-1202-BT	Assigned CVE IDs CVE-2018-19036	CVSS Score* 9.4	Affected Bosch Products AUTODOME IP AVIOTEC IP DINION HD DINION IP EXTEGRA IP FLEXIDOME HD Vandal-proof FLEXIDOME HD FLEXIDOME IP IP bullet IP micro MIC IP TINYON IP	Title Bosch IP Camera Vulnerability	Publication Date 2018-12-12	Last Update 2018-12-12
Security Advisory ID BOSCH-2018-1201	Assigned CVE IDs	CVSS Score* 6.5	Affected Bosch Products Access Easy Controller 2.1	Title Bosch Access Easy Controller 2.1	Publication Date 2018-12-03	Last Update 2018-12-03
Security Advisory ID BOSCH-2018-1101	Assigned CVE IDs	CVSS Score* 9.8	Affected Bosch Products All projects created with WinStudio versions prior to 7.4 SP1 All projects created with IndraWorks versions prior to 15V02	Title Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory	Publication Date 2018-11-27	Last Update 2018-11-27

2017

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Bosch Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-2017-0201	Assigned CVE IDs	CVSS Score* 6.5	Affected Bosch Products Bosch Drivelog Connector	Title Bosch Drivelog Connector	Publication Date 2017-04-13	Last Update 2017-04-13
Security Advisory ID BOSCH-2016-0501	Assigned CVE IDs	CVSS Score* 2.9	Affected Bosch Products Bosch BMA222E	Title Bosch BMA222E Acoustic Resonance Interference	Publication Date 2017-03-14	Last Update 2017-03-14

2016

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Bosch Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-2016-0701	Assigned CVE IDs	CVSS Score* 6.4	Affected Bosch Products Bosch Rexroth BLADEcontrol-WebVIS	Title Bosch Rexroth BLADEcontrol-WebVIS	Publication Date 2016-07-22	Last Update 2017-03-14

RSS Feed

Bosch PSIRT

E-mail

Report a Vulnerability here

Bosch PSIRT public keys

Search our S/MIME key here
_{Fingerprint: 87:F1:6F:70:60:D2:94:83:82:AC:69:F5:46:86:7C:80:7F:86:1D:F0}

Find our PGP Key here
_{Fingerprint: ED:47:BD:35:F9:C8:5A:52:3F:08:A7:B8:55:60:42:DB:20:A6:AB:46}