Bosch PSIRT

Bosch PSIRT Security Advisories

Information about security vulnerabilities affecting Bosch products.

2019

Security Advisory ID | Assigned CVE IDs | CVSS Score* | Affected Bosch Products | Title | Publication Date | Last Update

Assigned CVE IDs: CVE-2019-11899
CVSS Score*: 8.8
Affected Bosch Products: Bosch Access Professional Edition
Title: Improper Access Control in Access Professional Edition 3.7 downwards
Publication Date: 2019-09-11
Last Update: 2019-09-11

Assigned CVE IDs: CVE-2019-11898
CVSS Score*: 9.9
Affected Bosch Products: Bosch Access Professional Edition
Title: Hard-coded Credentials in Access Professional Edition 3.7 downwards
Publication Date: 2019-09-11
Last Update: 2019-09-11

Assigned CVE IDs: CVE-2019-1181, CVE-2019-1182
CVSS Score*: 9.8
Affected Bosch Products:

  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 5000
  • Bosch DIVAR IP 6000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
  • Bosch HP Server DL380
  • Bosch HP Workstation
  • Bosch UGM 2040 plus
  • Bosch VIDEOJET decoder 7000
  • Bosch VIDEOJET decoder 8000

Title: Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution
Publication Date: 2019-09-03
Last Update: 2019-09-03

Assigned CVE IDs: CVE-2019-11601, CVE-2019-11897, CVE-2019-11602, CVE-2019-11603
CVSS Score*: 9.1
Affected Bosch Products:

  • ProSyst mBS SDK < 8.2.6
  • Bosch IoT Gateway Software < 9.0.2
  • Bosch IoT Gateway Software < 9.2.0
  • Bosch IoT Gateway Software < 9.3.0

Title: Multiple Vulnerabilities in ProSyst mBS SDK and Bosch IoT Gateway Software
Publication Date: 2019-08-19
Last Update: 2019-08-21

Assigned CVE IDs: CVE-2019-12256, CVE-2019-12257, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265
CVSS Score*: 9.8
Affected Bosch Products:

  • Rexroth embedded controls CML75, MLC/XLC firmware version < 14V22
  • Rexroth embedded controls XM21, XM22, XM42, MLC firmware version < 14V22
  • Rexroth industrial PC VPB40.4, firmware version < 14V22
  • Rexroth embedded controls CML75, CML85, MTX firmware version (all versions)

Title: VxWorks security updates in Bosch Rexroth controllers
Publication Date: 2019-08-08
Last Update: 2019-08-08

Assigned CVE IDs: CVE-2019-0708
CVSS Score*: 9.8
Affected Bosch Products:

  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 6000
  • Bosch DIVAR IP 7000
  • Bosch HP Workstation
  • Bosch HP Server DL 380
  • Bosch VIDEOJET decoder 7000
  • Bosch VIDEOJET decoder 8000

Title: Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution
Publication Date: 2019-06-12
Last Update: 2019-06-12

Assigned CVE IDs: CVE-2019-11601, CVE-2019-11602, CVE-2019-11603, CVE-2019-11891, CVE-2019-11892, CVE-2019-11893, CVE-2019-11894, CVE-2019-11895, CVE-2019-11896, CVE-2019-11897
CVSS Score*: 9.1
Affected Bosch Products: Bosch Smart Home Controller
Title: Multiple Vulnerabilities in Bosch Smart Home Controller
Publication Date: 2019-05-29
Last Update: 2019-05-29

Assigned CVE IDs: CVE-2019-11684
CVSS Score*: 9.9
Affected Bosch Products: Bosch Video Recording Manager
Title: Unauthenticated Certificate Access in Video Recording Manager
Publication Date: 2019-05-09
Last Update: 2019-05-22

Assigned CVE IDs: CVE-2019-6958
CVSS Score*: 9.8
Affected Bosch Products:

  • Bosch Video Management Systems (BVMS)
  • DIVAR IP products
  • Configuration Manager
  • Video SDK (VSDK)
  • Bosch Video Client (BVC)
  • Building Integration System (BIS)
  • Access Professional Edition (APE)
  • Access Easy Controller (AEC)

Title: Improper Access Control in Bosch Security Systems Software for Video, PSIM and Access Control Systems
Publication Date: 2019-04-03
Last Update: 2019-04-03

Assigned CVE IDs: CVE-2019-6957
CVSS Score*: 9.8
Affected Bosch Products:

  • Bosch Video Management Systems (BVMS)
  • DIVAR IP products
  • Video Recording Manager (VRM) software
  • Configuration Manager
  • Video SDK (VSDK)
  • Bosch Video Client (BVC)
  • Building Integration System (BIS)
  • Access Professional Edition (APE)
  • Access Easy Controller (AEC)

Title: Buffer Overflow in Bosch Security Systems Software for Video, PSIM and Access
Publication Date: 2019-04-03
Last Update: 2019-04-03

Assigned CVE IDs: CVE-2019-8952
CVSS Score*: 4.9
Affected Bosch Products:
Hardware:

  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 5000

Software:

  • Video Recording Manager (VRM)
  • Bosch Video Management System (BVMS)

Title: Path Traversal Vulnerability in Video Recording Manager
Publication Date: 2019-04-03
Last Update: 2019-04-03

Assigned CVE IDs: CVE-2019-8951
CVSS Score*: 6.1
Affected Bosch Products:
Hardware:

  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 5000

Software:

  • Video Recording Manager (VRM)
  • Bosch Video Management System (BVMS)

Title: Open Redirect Vulnerability in Video Recording Manager
Publication Date: 2019-04-03
Last Update: 2019-04-03

Assigned CVE IDs: CVE-2019-7729
CVSS Score*: 4.8
Affected Bosch Products: Smart Camera App for Android < 1.3.1
Title: Insecure Permissions in Smart Camera App for Android
Publication Date: 2019-02-22
Last Update: 2019-02-22

Assigned CVE IDs: CVE-2019-7728
CVSS Score*: 8.3
Affected Bosch Products: Smart Camera App for Android < 1.3.1
Title: Improper Certificate Validation in Smart Camera App for Android
Publication Date: 2019-02-22
Last Update: 2019-02-22

Assigned CVE IDs:
CVSS Score*: 9.8
Affected Bosch Products:

  • All projects created with WinStudio versions prior to 7.4 SP1
  • All projects created with IndraWorks versions prior to 15V02

Title: Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory
Publication Date: 2019-02-18
Last Update: 2019-02-18

Assigned CVE IDs:
CVSS Score*: 10
Affected Bosch Products: Bosch digital recorder DVR 400 & 600 series
Title: DIVAR 400 & 600 series Vulnerability
Publication Date: 2019-01-22
Last Update: 2019-01-22

*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2018

Assigned CVE IDs: CVE-2018-20299
CVSS Score*: 9.4
Affected Bosch Products:

  • 360° Indoor Camera < 6.52.4
  • Eyes Outdoor Camera < 6.52.4

Title: Bosch Smart Home Camera Vulnerability
Publication Date: 2018-12-18
Last Update: 2018-12-20

Assigned CVE IDs: CVE-2018-19036
CVSS Score*: 9.4
Affected Bosch Products:

  • AUTODOME IP
  • AVIOTEC IP
  • DINION HD
  • DINION IP
  • EXTEGRA IP
  • FLEXIDOME HD
  • Vandal-proof FLEXIDOME HD
  • FLEXIDOME IP
  • IP bullet
  • IP micro
  • MIC IP
  • TINYON IP

Title: Bosch IP Camera Vulnerability
Publication Date: 2018-12-12
Last Update: 2018-12-12

Assigned CVE IDs:
CVSS Score*: 6.5
Affected Bosch Products:

  • Access Easy Controller 2.1

Title: Bosch Access Easy Controller 2.1
Publication Date: 2018-12-03
Last Update: 2018-12-03

Assigned CVE IDs:
CVSS Score*: 9.8
Affected Bosch Products:

  • All projects created with WinStudio versions prior to 7.4 SP1
  • All projects created with IndraWorks versions prior to 15V02

Title: Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory
Publication Date: 2018-11-27
Last Update: 2018-11-27

2017

Assigned CVE IDs:
CVSS Score*: 6.5
Affected Bosch Products: Bosch Drivelog Connector
Title: Bosch Drivelog Connector
Publication Date: 2017-04-13
Last Update: 2017-04-13

Assigned CVE IDs:
CVSS Score*: 2.9
Affected Bosch Products: Bosch BMA222E
Title: Bosch BMA222E Acoustic Resonance Interference
Publication Date: 2017-03-14
Last Update: 2017-03-14

2016

Assigned CVE IDs:
CVSS Score*: 6.4
Affected Bosch Products: Bosch Rexroth BLADEcontrol-WebVIS
Title: Bosch Rexroth BLADEcontrol-WebVIS
Publication Date: 2016-07-22
Last Update: 2017-03-14

Contact

Bosch PSIRT

E-mail

Bosch PSIRT public keys

Search our S/MIME key here
Fingerprint: 87:F1:6F:70:60:D2:94:83:82:AC:69:F5:46:86:7C:80:7F:86:1D:F0

Find our PGP Key here
Fingerprint: ED:47:BD:35:F9:C8:5A:52:3F:08:A7:B8:55:60:42:DB:20:A6:AB:46