Bosch PSIRT Security Advisories

Information about security vulnerabilities affecting Bosch products.

2023

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Bosch Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-SA-931197	Assigned CVE IDs CVE-2022-3480	CVSS Score* 7.5	Affected Bosch Products Bosch Rexroth FL MGUARD DELTA TX/T& (R911173817) Bosch Rexroth FL MGUARD RS2000 TX/& (R913056204) Bosch Rexroth FL MGUARD RS2000 TX/& (R913058931) Bosch Rexroth FL MGUARD RS4000 TX/& (R901351745) Bosch Rexroth FL MGUARD RS4000 TX/& (R911173814) Bosch Rexroth FL MGUARD RS4000 TX/& (R913076699) Bosch Rexroth FL MGUARD RS4000 VPN& (R901352542) Bosch Rexroth FL MGUARD RS4004 TX/& (R913050362) Bosch Rexroth FL MGUARD RS4004 TX/& (R913051602) Bosch Rexroth FL MGUARD SMART2 VPN& (R911173818) Bosch Rexroth TC MGUARD RS2000 3G & (R911173815) Bosch Rexroth TC MGUARD RS2000 4G & (R913066122) Bosch Rexroth TC MGUARD RS4000 3G & (R911173816) Bosch Rexroth TC MGUARD RS4000 4G & (R901541498)	Title Vulnerability in routers FL MGUARD and TC MGUARD	Publication Date 2023-03-03	Last Update 2023-03-03

*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2022

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-SA-247053-BT	Assigned CVE IDs Multiple CVEs in 3rd party components (see Advisory)	CVSS Score* 9.8	Affected Products Bosch PRA-ES8P2S	Title Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch	Publication Date 2022-11-23	Last Update 2023-02-08
Security Advisory ID BOSCH-SA-454166-BT	Assigned CVE IDs CVE-2022-40183 CVE-2022-40184	CVSS Score* 5.8	Affected Products Bosch VIDEOJET multi 4000	Title Multiple Cross Site Scripting vulnerabilities in Bosch VIDEOJET multi 4000	Publication Date 2022-10-19	Last Update 2023-01-18
Security Advisory ID BOSCH-SA-609377-BT	Assigned CVE IDs Multiple CVEs in 3rd party components (see Advisory)	CVSS Score* 9.8	Affected Products Bosch DSA E2800 Bosch DSA E2800 Base units Bosch DSA E2800 Dual Controllers	Title Multiple Vulnerabilities in NetApp DSA E2800 series	Publication Date 2022-10-19	Last Update 2022-12-07
Security Advisory ID BOSCH-SA-464066-BT	Assigned CVE IDs CVE-2022-32540	CVSS Score* 7.4	Affected Products Bosch BVMS Bosch VJD-7513	Title Information Disclosure in VIDEOJET Decoder and Operator Client application in BVMS	Publication Date 2022-09-21	Last Update 2022-09-21
Security Advisory ID BOSCH-SA-463993	Assigned CVE IDs CVE-2022-27579 CVE-2022-27580	CVSS Score* 7.8	Affected Products Bosch Rexroth AG SafeLogic Designer	Title SafeLogic Designer vulnerabilities	Publication Date 2022-08-11	Last Update 2022-08-11
Security Advisory ID BOSCH-SA-013924-BT	Assigned CVE IDs CVE-2022-36301 CVE-2022-36302	CVSS Score* 9.8	Affected Products Bosch BF-OS	Title Multiple Vulnerabilities in BF-OS	Publication Date 2022-08-01	Last Update 2022-11-03
Security Advisory ID BOSCH-SA-247052-BT	Assigned CVE IDs CVE-2022-32534 CVE-2022-32535 CVE-2022-32536 Multiple CVEs in 3rd party components	CVSS Score* 9.8	Affected Products Bosch PRA-ES8P2S	Title Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch	Publication Date 2022-06-22	Last Update 2023-02-08
Security Advisory ID BOSCH-SA-577411	Assigned CVE IDs CVE-2022-22513 CVE-2022-22514 CVE-2022-22515 CVE-2022-22517 CVE-2022-22519	CVSS Score* 8.1	Affected Products Bosch Rexroth IndraLogic Bosch Rexroth IndraMotion MLC Bosch Rexroth IndraMotion MLD Bosch Rexroth IndraMotion MTX Bosch Rexroth ctrlX CORE PLC	Title Vulnerabilities in the communication protocol of the PLC runtime	Publication Date 2022-05-02	Last Update 2022-10-11
Security Advisory ID BOSCH-SA-982696	Assigned CVE IDs CVE-2022-0778	CVSS Score* 7.5	Affected Products Bosch Rexroth FL MGUARD DELTA TX/T& (R911173817) Bosch Rexroth FL MGUARD RS2000 TX/& (R913056204) Bosch Rexroth FL MGUARD RS2000 TX/& (R913058931) Bosch Rexroth FL MGUARD RS4000 TX/& (R901351745) Bosch Rexroth FL MGUARD RS4000 TX/& (R911173814) Bosch Rexroth FL MGUARD RS4000 TX/& (R913073676) Bosch Rexroth FL MGUARD RS4000 TX/& (R913076699) Bosch Rexroth FL MGUARD RS4000 VPN& (R901352542) Bosch Rexroth FL MGUARD RS4004 TX/& (R913050362) Bosch Rexroth FL MGUARD RS4004 TX/& (R913051602) Bosch Rexroth FL MGUARD SMART2 VPN& (R911173818) Bosch Rexroth FL MGUARD SMART2 VPN& (R913073677) Bosch Rexroth TC MGUARD RS2000 3G & (R911173815) Bosch Rexroth TC MGUARD RS2000 4G & (R913066122) Bosch Rexroth TC MGUARD RS4000 3G & (R911173816) Bosch Rexroth TC MGUARD RS4000 4G & (R901541498)	Title Vulnerability in routers FL MGUARD and TC MGUARD	Publication Date 2022-04-27	Last Update 2022-04-27
Security Advisory ID BOSCH-SA-309239-BT	Assigned CVE IDs CVE-2022-22965	CVSS Score* 9.8	Affected Products Bosch MATRIX	Title Improper Control of Generation of Code in Bosch MATRIX	Publication Date 2022-04-27	Last Update 2022-04-27
Security Advisory ID BOSCH-SA-029150	Assigned CVE IDs CVE-2016-10228 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-6096 CVE-2021-27645 CVE-2021-3326 CVE-2021-35942 CVE-2021-3998 CVE-2021-3999 CVE-2021-45960 CVE-2021-46143 CVE-2022-0778 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236	CVSS Score* 9.8	Affected Products Bosch Rexroth ctrlX CORE Bosch Rexroth ctrlX CORE (LTS) Bosch Rexroth ctrlX CORE (Node-Red) Bosch Rexroth ctrlX CORE (Node-Red) (LTS)	Title Multiple ctrlX CORE vulnerabilities	Publication Date 2022-04-20	Last Update 2022-04-20
Security Advisory ID BOSCH-SA-446276-BT	Assigned CVE IDs CVE-2021-23850 CVE-2021-23851	CVSS Score* 6.8	Affected Products Bosch CPP Firmware	Title Buffer Overflow Vulnerability in Recovery Image	Publication Date 2022-03-30	Last Update 2022-09-07
Security Advisory ID BOSCH-SA-479793-BT	Assigned CVE IDs CVE-2018-1285	CVSS Score* 9.8	Affected Products Bosch FSM-10000 Client Bosch FSM-10000 Server Bosch FSM-10k Client Bosch FSM-10k Server Bosch FSM-2500 Client Bosch FSM-2500 Server Bosch FSM-5000 Client Bosch FSM-5000 Server	Title Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability	Publication Date 2022-03-23	Last Update 2022-03-23
Security Advisory ID BOSCH-SA-506619-BT	Assigned CVE IDs CVE-2018-1285	CVSS Score* 9.8	Affected Products Bosch BVMS Bosch DIVAR IP 7000 R2 Bosch DIVAR IP all-in-one 5000 Bosch DIVAR IP all-in-one 7000	Title Improper Restriction of XML External Entity Reference in BVMS	Publication Date 2022-03-16	Last Update 2022-03-16
Security Advisory ID BOSCH-SA-844050-BT	Assigned CVE IDs CVE-2021-23863	CVSS Score* 6.1	Affected Products Bosch Video Security Android Application	Title Injection of arbitrary HTML code in Bosch Video Security Android App	Publication Date 2022-01-26	Last Update 2022-09-07
Security Advisory ID BOSCH-SA-940448-BT	Assigned CVE IDs CVE-2021-23842 CVE-2021-23843	CVSS Score* 8.8	Affected Products Bosch AMC2 Bosch AMS Bosch APE Bosch BIS	Title Multiple vulnerabilities in Bosch AMC2 (Access Modular Controller)	Publication Date 2022-01-19	Last Update 2022-01-28

2021

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-SA-993110-BT	Assigned CVE IDs CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	CVSS Score* 10.0	Affected Products Bosch PRA-APAS	Title Log4j Vulnerabilities - Impact on PRAESENSA Advanced Public Address Server (PRA-APAS)	Publication Date 2021-12-22	Last Update 2021-12-22
Security Advisory ID BOSCH-SA-572602	Assigned CVE IDs CVE-2021-44228 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105	CVSS Score* 9.0	Affected Products Bosch Rexroth IoT Gateway for Ubuntu Core (PR21 Hardware) Bosch Rexroth IoT Gateway for Windows (based on Felix OSGi) Bosch Rexroth IoT Gateway for Windows (based on mbs OSGi)	Title Apache Log4j Vulnerabilities - Impact on Bosch Rexroth Products	Publication Date 2021-12-21	Last Update 2022-01-10
Security Advisory ID BOSCH-SA-043434-BT	Assigned CVE IDs CVE-2021-23859 CVE-2021-23860 CVE-2021-23861 CVE-2021-23862	CVSS Score* 9.1	Affected Products Bosch AEC Bosch APE Bosch BIS Bosch BVMS Bosch DIVAR IP 7000 R2 Bosch DIVAR IP all-in-one 5000 Bosch DIVAR IP all-in-one 7000 Bosch VJD-7513 Bosch VJD-8000 Bosch VRM Bosch VRM Exporter	Title Multiple Vulnerabilities in Bosch BT software products	Publication Date 2021-12-08	Last Update 2021-12-08
Security Advisory ID BOSCH-SA-741752	Assigned CVE IDs CVE-2021-23855 CVE-2021-23856 CVE-2021-23857 CVE-2021-23858	CVSS Score* 10.0	Affected Products Rexroth IndraMotion MLC IndraMotion XLC Rexroth IndraMotion MLC L20, L40 Rexroth IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraControl XLC Rexroth IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraMotion XLC	Title Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series	Publication Date 2021-10-04	Last Update 2022-08-25
Security Advisory ID BOSCH-SA-033305-BT	Assigned CVE IDs CVE-2021-23849	CVSS Score* 7.5	Affected Products Bosch CPP Firmware	Title Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras	Publication Date 2021-08-04	Last Update 2021-10-07
Security Advisory ID BOSCH-SA-670099	Assigned CVE IDs CVE-2021-30186 CVE-2021-30188 CVE-2021-30189 CVE-2021-30190 CVE-2021-30191 CVE-2021-30192 CVE-2021-30193 CVE-2021-30194 CVE-2021-30195	CVSS Score* 9.8	Affected Products Bosch Rexroth CS351E-D IL Bosch Rexroth CS351E-G IL Bosch Rexroth CS351S-D IL Bosch Rexroth CS351S-G IL Bosch Rexroth KE350G IL	Title Vulnerabilities in CODESYS V2 runtime systems	Publication Date 2021-07-20	Last Update 2021-07-20
Security Advisory ID BOSCH-SA-475180	Assigned CVE IDs CVE-2021-30186 CVE-2021-30188 CVE-2021-30195	CVSS Score* 9.8	Affected Products Bosch Rexroth IndraLogic Bosch Rexroth IndraMotion MLC Bosch Rexroth IndraMotion MLD Bosch Rexroth IndraMotion MTX Bosch Rexroth SYNAX Bosch Rexroth Visual Motion	Title Vulnerabilities in CODESYS V2 runtime systems	Publication Date 2021-07-09	Last Update 2021-07-09
Security Advisory ID BOSCH-SA-478243-BT	Assigned CVE IDs CVE-2021-23847 CVE-2021-23848 CVE-2021-23852 CVE-2021-23853 CVE-2021-23854	CVSS Score* 9.8	Affected Products Bosch CPP Firmware	Title Multiple vulnerabilities in Bosch IP cameras	Publication Date 2021-06-09	Last Update 2021-06-09
Security Advisory ID BOSCH-SA-196933-BT	Assigned CVE IDs CVE-2021-23845 CVE-2021-23846	CVSS Score* 8.8	Affected Products Bosch B426 Firmware Bosch B426-CN/B429- CN Firmware Bosch B426-M Firmware Bosch B426 Firmware	Title Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M	Publication Date 2021-05-28	Last Update 2023-02-03
Security Advisory ID BOSCH-SA-350374	Assigned CVE IDs CVE-2021-29242	CVSS Score* 7.3	Affected Products Bosch Rexroth IndraMotion MLC Bosch Rexroth IndraMotion MLD Bosch Rexroth IndraMotion MTX Bosch Rexroth ctrlX CORE PLC App	Title Vulnerability in the routing protocol of the PLC runtime	Publication Date 2021-05-19	Last Update 2021-05-19
Security Advisory ID BOSCH-SA-017743	Assigned CVE IDs CVE-2020-26116 CVE-2020-27619 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-3177 CVE-2021-3449	CVSS Score* 9.8	Affected Products ctrlX CORE - IDE App	Title ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities	Publication Date 2021-04-30	Last Update 2021-04-30
Security Advisory ID BOSCH-SA-428397	Assigned CVE IDs n/a	CVSS Score* n/a	Affected Products Rexroth R-IL ETH BK DI8 DO4 2TX-PAC Rexroth R-IL PN BK DI8 DO4-PAC Rexroth R-IL S3 BK DI8 DO4-PAC Rexroth S20-EC-BK Rexroth S20-EIP-BK Rexroth S20-ETH-BK Rexroth S20-PN-BK+ Rexroth S20-S3-BK+	Title FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline	Publication Date 2021-04-30	Last Update 2021-04-30
Security Advisory ID BOSCH-SA-918106	Assigned CVE IDs CVE-2020-27815 CVE-2020-27830 CVE-2020-28374 CVE-2020-28941 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2021-20232 CVE-2021-24031 CVE-2021-24032 CVE-2021-27218 CVE-2021-27219 CVE-2021-27803	CVSS Score* 9.1	Affected Products Rexroth IoT Gateway ctrlX CORE Runtime	Title ctrlX Multiple Vulnerabilities	Publication Date 2021-04-23	Last Update 2021-04-23
Security Advisory ID BOSCH-SA-282922	Assigned CVE IDs CVE-2021-20987	CVSS Score* 7.5	Affected Products Bosch Rexroth ActiveMover	Title Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol	Publication Date 2021-03-31	Last Update 2021-03-31
Security Advisory ID BOSCH-SA-637429	Assigned CVE IDs CVE-2021-20986	CVSS Score* 7.5	Affected Products Bosch Rexroth ActiveMover with firmware version	Title Denial of Service in Rexroth ActiveMover using Profinet protocol	Publication Date 2021-03-31	Last Update 2022-01-26
Security Advisory ID BOSCH-SA-835563-BT	Assigned CVE IDs CVE-2020-6771 CVE-2020-6785 CVE-2020-6786 CVE-2020-6787 CVE-2020-6788 CVE-2020-6789 CVE-2020-6790	CVSS Score* 7.8	Affected Products Bosch BVMS Bosch BVMS Viewer Bosch Configuration Manager Bosch DIVAR IP 7000 R2 DIVAR IP all-in-one 5000 DIVAR IP all-in-one 7000 Bosch IP Helper Bosch Monitor Wall Bosch Video Client Bosch Video Recording Manager Bosch Video Streaming Gateway	Title Uncontrolled Search Path Element in Multiple Bosch Products	Publication Date 2021-03-24	Last Update 2021-03-30
Security Advisory ID BOSCH-SA-762869-BT	Assigned CVE IDs CVE-2021-3011	CVSS Score* 4.2	Affected Products Bosch cameras and encoders built on platforms CPP-ENC, CPP3, CPP4, CPP5, CPP6, CPP7 and CPP7.3	Title Side Channel Key Extraction Vulnerability in Bosch IP Cameras and Encoders	Publication Date 2021-03-03	Last Update 2021-03-03
Security Advisory ID BOSCH-SA-372917	Assigned CVE IDs CVE-2020-29661 CVE-2021-3156 CVE-2021-3347	CVSS Score* 7.8	Affected Products Rexroth IoT Gateway ctrlX CORE Runtime	Title Privilege Escalation via sudo and Linux kernel in Bosch Rexroth Products	Publication Date 2021-02-24	Last Update 2021-02-24
Security Advisory ID BOSCH-SA-775371	Assigned CVE IDs CVE-2020-25159	CVSS Score* 9.8	Affected Products Rexroth ID 200/C-ETH	Title Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol	Publication Date 2021-01-27	Last Update 2021-01-27
Security Advisory ID BOSCH-SA-332072-BT	Assigned CVE IDs CVE-2020-6779 CVE-2020-6780	CVSS Score* 10	Affected Products Bosch FSM-2500 Bosch FSM-5000	Title Two Vulnerabilities in Bosch Fire Monitoring System (FSM)	Publication Date 2021-01-20	Last Update 2021-01-20

2020

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-SA-274557	Assigned CVE IDs CVE-2020-1971	CVSS Score* 5.9	Affected Products ctrlX CORE Runtime ctrlX WORKS ctrlX CORE OPC UA Client ctrlX CORE OPC UA Server	Title ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971	Publication Date 2020-12-18	Last Update 2021-01-21
Security Advisory ID BOSCH-SA-152060	Assigned CVE IDs CVE-2019-5105 CVE-2020-7052	CVSS Score* 7.5	Affected Products Rexroth IndraMotion MTX Rexroth IndraMotion MLC Rexroth IndraMotion MLD	Title Denial of Service in PLC Runtime affecting Rexroth IndraMotion Products	Publication Date 2020-12-16	Last Update 2020-12-16
Security Advisory ID BOSCH-SA-387388	Assigned CVE IDs CVE-2019-18858 CVE-2019-5105 CVE-2019-9010 CVE-2019-9012 CVE-2019-9013 CVE-2020-10245	CVSS Score* 10.0	Affected Products Rexroth PRC7000	Title Multiple Vulnerabilities in 3S CODESYS Runtime in Rexroth PRC7000	Publication Date 2020-12-16	Last Update 2020-12-16
Security Advisory ID BOSCH-SA-856281	Assigned CVE IDs CVE-2019-0708	CVSS Score* 9.8	Affected Products Rexroth VEP15.6 Rexroth VEP21.6 Rexroth VEP30.5 Rexroth VEP40.5 Rexroth VEP50.5 Rexroth VPB40.3 Rexroth VPB40.4 Rexroth VPP16 Rexroth VPP40 Rexroth VPP60	Title Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs	Publication Date 2020-10-13	Last Update 2020-10-13
Security Advisory ID BOSCH-SA-538331-BT	Assigned CVE IDs CVE-2020-6776 CVE-2020-6777 CVE-2020-15688	CVSS Score* 8.8	Affected Products Bosch PRAESENSA Bosch PRAESIDEO	Title Vulnerabilities in Bosch PRAESIDEO and PRAESENSA	Publication Date 2020-09-30	Last Update 2020-09-30
Security Advisory ID BOSCH-SA-231483	Assigned CVE IDs CVE-2020-14513 CVE-2020-14519 CVE-2020-14509 CVE-2020-14517 CVE-2020-16233 CVE-2020-14515	CVSS Score* 10.0	Affected Products Rexroth ActiveAssist Tool localization extension module Rexroth Laser Localization Software	Title WIBU Systems CodeMeter Runtime Vulnerabilities in Rexroth Products	Publication Date 2020-09-25	Last Update 2020-09-25
Security Advisory ID BOSCH-SA-347336	Assigned CVE IDs CVE-2020-6781	CVSS Score* 6.8	Affected Products Bosch Smart Home iOS App	Title Improper Certificate Validation in Bosch Smart Home System App for iOS	Publication Date 2020-08-25	Last Update 2020-08-25
Security Advisory ID BOSCH-SA-363824-BT	Assigned CVE IDs CVE-2017-0144 CVE-2019-0708 CVE-2020-6774	CVSS Score* 9.8	Affected Products Bosch Recording Station	Title Multiple Vulnerabilities in Bosch Recording Station (BRS)	Publication Date 2020-05-27	Last Update 2020-05-27
Security Advisory ID BOSCH-SA-645125	Assigned CVE IDs CVE-2018-16994	CVSS Score* 7.5	Affected Products Rexroth S20-PN-BK+ Rexroth S20-ETH-BK	Title Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK	Publication Date 2020-03-16	Last Update 2020-03-16
Security Advisory ID BOSCH-SA-885551-BT	Assigned CVE IDs CVE-2020-6770	CVSS Score* 10.0	Affected Products Bosch BVMS Mobile Video Service Bosch DIVAR IP 3000 Bosch DIVAR IP 7000	Title Deserialization of Untrusted Data in Bosch BVMS Mobile Video Service	Publication Date 2020-01-29	Last Update 2020-01-29
Security Advisory ID BOSCH-SA-260625-BT	Assigned CVE IDs CVE-2020-6769	CVSS Score* 10.0	Affected Products Bosch Video Streaming Gateway Bosch DIVAR IP 3000 Bosch DIVAR IP 7000 Bosch DIVAR IP all-in-one 5000 Bosch DIVAR IP 2000 Bosch DIVAR IP 5000	Title Missing Authentication for Critical Function in Bosch Video Streaming Gateway	Publication Date 2020-01-29	Last Update 2020-01-29
Security Advisory ID BOSCH-SA-815013-BT	Assigned CVE IDs CVE-2020-6768	CVSS Score* 8.6	Affected Products Bosch Video Management System (BVMS) Bosch BVMS Viewer Bosch DIVAR IP 3000 Bosch DIVAR IP 7000 Bosch DIVAR IP all-in-one 5000	Title Path Traversal in Bosch Video Management System NoTouch deployment	Publication Date 2020-01-29	Last Update 2020-02-11
Security Advisory ID BOSCH-SA-381489-BT	Assigned CVE IDs CVE-2020-6767	CVSS Score* 7.7	Affected Products Bosch Video Management System (BVMS) Bosch BVMS Viewer Bosch DIVAR IP 3000 Bosch DIVAR IP 7000 Bosch DIVAR IP all-in-one 5000	Title Path Traversal in Bosch Video Management System	Publication Date 2020-01-29	Last Update 2020-02-11

2019

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-SA-844044-BT	Assigned CVE IDs CVE-2019-11899	CVSS Score* 8.8	Affected Products Bosch Access Professional Edition	Title Improper Access Control in Access Professional Edition 3.7 downwards	Publication Date 2019-09-11	Last Update 2019-09-11
Security Advisory ID BOSCH-SA-710832-BT	Assigned CVE IDs CVE-2019-11898	CVSS Score* 9.9	Affected Products Bosch Access Professional Edition	Title Hard-coded Credentials in Access Professional Edition 3.7 downwards	Publication Date 2019-09-11	Last Update 2019-09-11
Security Advisory ID BOSCH-SA-553243-BT	Assigned CVE IDs CVE-2019-1181 CVE-2019-1182	CVSS Score* 9.8	Affected Products Bosch DIVAR IP 2000 Bosch DIVAR IP 3000 Bosch DIVAR IP 5000 Bosch DIVAR IP 6000 Bosch DIVAR IP 7000 Bosch DIVAR IP all-in-one 5000 Bosch HP Server DL380 Bosch HP Workstation Bosch UGM 2040 plus Bosch VIDEOJET decoder 7000 Bosch VIDEOJET decoder 8000	Title Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution	Publication Date 2019-09-03	Last Update 2019-09-03
Security Advisory ID BOSCH-SA-562575	Assigned CVE IDs CVE-2019-11601 CVE-2019-11897 CVE-2019-11602 CVE-2019-11603	CVSS Score* 9.1	Affected Products ProSyst mBS SDK < 8.2.6 Bosch IoT Gateway Software < 9.0.2 Bosch IoT Gateway Software < 9.2.0 Bosch IoT Gateway Software < 9.3.0	Title Multiple Vulnerabilities in ProSyst mBS SDK and Bosch IoT Gateway Software	Publication Date 2019-08-19	Last Update 2020-03-16
Security Advisory ID BOSCH-SA-761722	Assigned CVE IDs CVE-2019-12256 CVE-2019-12257 CVE-2019-12255 CVE-2019-12260 CVE-2019-12261 CVE-2019-12263 CVE-2019-12258 CVE-2019-12259 CVE-2019-12262 CVE-2019-12264 CVE-2019-12265	CVSS Score* 9.8	Affected Products Rexroth embedded controls CML75, MLC/XLC firmware version < 14V22 Rexroth embedded controls XM21, XM22, XM42, MLC firmware version < 14V22 Rexroth industrial PC VPB40.4, firmware version < 14V22 Rexroth embedded controls CML75, CML85, MTX firmware version (all versions)	Title VxWorks security updates in Bosch Rexroth controllers	Publication Date 2019-08-08	Last Update 2019-08-08
Security Advisory ID BOSCH-SA-425803-BT	Assigned CVE IDs CVE-2019-0708	CVSS Score* 9.8	Affected Products Bosch DIVAR IP 2000 Bosch DIVAR IP 3000 Bosch DIVAR IP 6000 Bosch DIVAR IP 7000 Bosch HP Workstation Bosch HP Server DL 380 Bosch VIDEOJET decoder 7000 Bosch VIDEOJET decoder 8000	Title Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution	Publication Date 2019-06-12	Last Update 2019-06-12
Security Advisory ID BOSCH-SA-662084	Assigned CVE IDs CVE-2019-11601 CVE-2019-11602 CVE-2019-11603 CVE-2019-11891 CVE-2019-11892 CVE-2019-11893 CVE-2019-11894 CVE-2019-11895 CVE-2019-11896 CVE-2019-11897	CVSS Score* 9.1	Affected Products Bosch Smart Home Controller	Title Multiple Vulnerabilities in Bosch Smart Home Controller	Publication Date 2019-05-29	Last Update 2019-05-29
Security Advisory ID BOSCH-SA-804652-BT	Assigned CVE IDs CVE-2019-11684	CVSS Score* 9.9	Affected Products Bosch Video Recording Manager	Title Unauthenticated Certificate Access in Video Recording Manager	Publication Date 2019-05-09	Last Update 2022-02-10
Security Advisory ID BOSCH-2019-0404-BT	Assigned CVE IDs CVE-2019-6958	CVSS Score* 9.8	Affected Products Bosch Video Management Systems (BVMS) DIVAR IP products Configuration Manager Video SDK (VSDK) Bosch Video Client (BVC) Building Integration System (BIS) Access Professional Edition (APE) Access Easy Controller (AEC)	Title Improper Access Control in Bosch Security Systems Software for Video, PSIM and Access Control Systems	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0403-BT	Assigned CVE IDs CVE-2019-6957	CVSS Score* 9.8	Affected Products Bosch Video Management Systems (BVMS) DIVAR IP products Video Recording Manager (VRM) software Configuration Manager Video SDK (VSDK) Bosch Video Client (BVC) Building Integration System (BIS) Access Professional Edition (APE) Access Easy Controller (AEC)	Title Buffer Overflow in Bosch Security Systems Software for Video, PSIM and Access	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0402-BT	Assigned CVE IDs CVE-2019-8952	CVSS Score* 4.9	Affected Products Hardware: Bosch DIVAR IP 2000 Bosch DIVAR IP 5000 Software: Video Recording Manager (VRM) Bosch Video Management System (BVMS)	Title Path Traversal Vulnerability in Video Recording Manager	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0401-BT	Assigned CVE IDs CVE-2019-8951	CVSS Score* 6.1	Affected Products Hardware: Bosch DIVAR IP 2000 Bosch DIVAR IP 5000 Software: Video Recording Manager (VRM) Bosch Video Management System (BVMS)	Title Open Redirect Vulnerability in Video Recording Manager	Publication Date 2019-04-03	Last Update 2019-04-03
Security Advisory ID BOSCH-2019-0204	Assigned CVE IDs CVE-2019-7729	CVSS Score* 4.8	Affected Products Smart Camera App for Android < 1.3.1	Title Insecure Permissions in Smart Camera App for Android	Publication Date 2019-02-22	Last Update 2019-02-22
Security Advisory ID BOSCH-2019-0202	Assigned CVE IDs CVE-2019-7728	CVSS Score* 8.3	Affected Products Smart Camera App for Android < 1.3.1	Title Improper Certificate Validation in Smart Camera App for Android	Publication Date 2019-02-22	Last Update 2019-02-22
Security Advisory ID BOSCH-2019-0201	Assigned CVE IDs	CVSS Score* 9.8	Affected Products All projects created with WinStudio versions prior to 7.4 SP1 All projects created with IndraWorks versions prior to 15V02	Title Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory	Publication Date 2019-02-18	Last Update 2019-02-18
Security Advisory ID BOSCH-2019-0101-BT	Assigned CVE IDs	CVSS Score* 10	Affected Products Bosch digital recorder DVR 400 & 600 series	Title DIVAR 400 & 600 series Vulnerability	Publication Date 2019-01-22	Last Update 2019-01-22

2018

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-2018-1203	Assigned CVE IDs CVE-2018-20299	CVSS Score* 9.4	Affected Products 360° Indoor Camera < 6.52.4 Eyes Outdoor Camera < 6.52.4	Title Bosch Smart Home Camera Vulnerability	Publication Date 2018-12-18	Last Update 2018-12-20
Security Advisory ID BOSCH-2018-1202-BT	Assigned CVE IDs CVE-2018-19036	CVSS Score* 9.4	Affected Products AUTODOME IP AVIOTEC IP DINION HD DINION IP EXTEGRA IP FLEXIDOME HD Vandal-proof FLEXIDOME HD FLEXIDOME IP IP bullet IP micro MIC IP TINYON IP	Title Bosch IP Camera Vulnerability	Publication Date 2018-12-12	Last Update 2022-02-10
Security Advisory ID BOSCH-2018-1201	Assigned CVE IDs	CVSS Score* 6.5	Affected Products Access Easy Controller 2.1	Title Bosch Access Easy Controller 2.1	Publication Date 2018-12-03	Last Update 2018-12-03
Security Advisory ID BOSCH-2018-1101	Assigned CVE IDs	CVSS Score* 9.8	Affected Products All projects created with WinStudio versions prior to 7.4 SP1 All projects created with IndraWorks versions prior to 15V02	Title Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory	Publication Date 2018-11-27	Last Update 2018-11-27

2017

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-2017-0201	Assigned CVE IDs	CVSS Score* 6.5	Affected Products Bosch Drivelog Connector	Title Bosch Drivelog Connector	Publication Date 2017-04-13	Last Update 2017-04-13
Security Advisory ID BOSCH-2016-0501	Assigned CVE IDs	CVSS Score* 2.9	Affected Products Bosch BMA222E	Title Bosch BMA222E Acoustic Resonance Interference	Publication Date 2017-03-14	Last Update 2017-03-14

2016

Security Advisory ID	Assigned CVE IDs	CVSS Score*	Affected Products	Title	Publication Date	Last Update
Security Advisory ID BOSCH-2016-0701	Assigned CVE IDs	CVSS Score* 6.4	Affected Products Bosch Rexroth BLADEcontrol-WebVIS	Title Bosch Rexroth BLADEcontrol-WebVIS	Publication Date 2016-07-22	Last Update 2017-03-14

Atom / RSS Feeds

Subscribe to our feed(s) to be notified about new Security Advisories.

Bosch PSIRT

E-mail

psirt@bosch.com

Report a Vulnerability here

View Security Advisories

Bosch PSIRT public keys

Search our S/MIME key here
_{Fingerprint: 87:F1:6F:70:60:D2:94:83:82:AC:69:F5:46:86:7C:80:7F:86:1D:F0}

Find our PGP Key here
_{Fingerprint: F355 92D1 0BB0 617E FA47 3C9D E8F9 BF8B B992 610A}