Skip to main

Bosch PSIRT Security Advisories

Information about security vulnerabilities affecting Bosch products.

2024

Security Advisory ID Assigned CVE IDs CVSS Score* Affected Bosch Products Title Publication Date Last Update
Security Advisory ID Assigned CVE IDs

  • CVE-2024-45490
  • CVE-2024-45491
  • CVE-2024-45492

CVSS Score*
9.8
Affected Bosch Products

  • Bosch Rexroth AG PRC7000

Title
Multiple vulnerabilites in libexpat affecting PRC7000
Publication Date
2024-10-02
Last Update
2024-10-02
Security Advisory ID Assigned CVE IDs

  • CVE-2024-98763

CVSS Score*
8.4
Affected Bosch Products

  • Bosch Bosch Configuration Manager

Title
Sensitive information disclosure in Bosch Configuration Manager
Publication Date
2024-10-01
Last Update
2024-10-01
Security Advisory ID Assigned CVE IDs

  • CVE-2022-98765

CVSS Score*
7.5
Affected Bosch Products

  • Bosch Camera Firmware

Title
Unauthenticated information leak in Bosch IP cameras
Publication Date
2024-08-21
Last Update
2024-08-21
Security Advisory ID Assigned CVE IDs

  • CVE-2023-46218
  • CVE-2023-46219
  • CVE-2024-2004
  • CVE-2024-2398

CVSS Score*
8.6
Affected Bosch Products

  • Bosch DIVAR IP all-in-one 4000 (DIP-44xx)
  • Bosch DIVAR IP all-in-one 6000 (DIP-64xx)
  • Bosch DIVAR IP all-in-one 7000 (DIP-74xx)
  • Bosch DIVAR IP all-in-one 7000 R3 (DIP-73xx)
  • Bosch DIVAR IP all-in-one 7000 (DIP-72xx)
  • Bosch DIVAR IP all-in-one 5000 (DIP-52xx)


Title
Multiple Curl vulnerabilities in the Git for Windows component of Bosch DIVAR IP all-in-one Devices
Publication Date
2024-08-07
Last Update
2024-08-07
Security Advisory ID Assigned CVE IDs

  • CVE-2024-6387

CVSS Score*
8.1
Affected Bosch Products

  • Bosch Rexroth AG PRC7000

Title
"regreSSHion" OpenSSH vulnerability in PRC7000
Publication Date
2024-07-19
Last Update
2024-07-19
Security Advisory ID Assigned CVE IDs

  • CVE-2023-52709

CVSS Score*
6.5
Affected Bosch Products

  • Texas Instruments SIMPLELINK-CC13XX-CC26XX-SDK: SimpleLink™ CC13xx and CC26xx software development kit (SDK)

Title
TI Bluetooth stack can fail to generate a resolvable Random Private Address (RPA) leading to DoS for already bonded peer devices
Publication Date
2024-05-28
Last Update
2024-05-31
Security Advisory ID Assigned CVE IDs

  • CVE-2024-25104
  • CVE-2024-25105

CVSS Score*
9.8
Affected Bosch Products

  • Bosch Praesensa Logging Application
  • Bosch Praesideo Logging Application
  • Bosch Praesideo PC Call Station

Title
Remote code execution vulnerability has been found over an insecure connection in the Praesensa Logging Application, Praesideo Logging Application and Praesideo PC Call Station
Publication Date
2024-05-15
Last Update
2024-05-15
Security Advisory ID Assigned CVE IDs

  • CVE-2024-25002

CVSS Score*
8.8
Affected Bosch Products

  • Bosch Network Synchronizer Enterprise
  • Bosch Network Synchronizer Standard

Title
Command Injection in Bosch Network Synchronizer
Publication Date
2024-03-20
Last Update
2024-04-24
Security Advisory ID Assigned CVE IDs

  • CVE-2023-49263
  • CVE-2023-49264
  • CVE-2023-49265
  • CVE-2023-49266
  • CVE-2023-49267

CVSS Score*
7.3
Affected Bosch Products

  • Bosch Remote Programing Software (RPS Lite)
  • Bosch Remote Programing Software (RPS)

Title
RPS and RPS-LITE operator and communication process vulnerabilities.
Publication Date
2024-03-13
Last Update
2024-03-13
Security Advisory ID Assigned CVE IDs

  • CVE-2021-27033
  • CVE-2021-27034
  • CVE-2021-27035
  • CVE-2021-27036
  • CVE-2021-27037
  • CVE-2021-27038
  • CVE-2021-27039

CVSS Score*
7.8
Affected Bosch Products

  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch Bosch DIVAR IP 7000 R2
  • Bosch Bosch DIVAR IP all-in-one 5000
  • Bosch Bosch DIVAR IP all-in-one 7000
  • Bosch Bosch DIVAR IP all-in-one 7000 R3

Title
BVMS affected by Autodesk Design Review Multiple Vulnerabilities
Publication Date
2024-03-13
Last Update
2024-03-13
Security Advisory ID Assigned CVE IDs

  • Multiple CVEs in 3rd party components

CVSS Score*
9.8
Affected Bosch Products

  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch DIVAR IP 7000 R2
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP all-in-one 7000
  • Bosch DIVAR IP all-in-one 7000 R3
  • Bosch DIVAR IP all-in-one 4000
  • Bosch DIVAR IP all-in-one 6000

Title
Multiple OpenSSL vulnerabilities in BVMS
Publication Date
2024-03-06
Last Update
2024-03-06
Security Advisory ID Assigned CVE IDs

  • Multiple CVEs in 3rd party components

CVSS Score*
9.8
Affected Bosch Products

  • Bosch Bosch DIVAR IP all-in-one 4000 (DIP-44xx)
  • Bosch Bosch DIVAR IP all-in-one 5000 (DIP-52xx)
  • Bosch Bosch DIVAR IP all-in-one 6000 (DIP-64xx)
  • Bosch Bosch DIVAR IP all-in-one 7000 (DIP-72xx)
  • Bosch Bosch DIVAR IP all-in-one 7000 R3 (DIP-73xx)

Title
Git for Windows Multiple Security Vulnerabilities in Bosch DIVAR IP all-in-one Devices
Publication Date
2024-03-06
Last Update
2024-03-06
Security Advisory ID Assigned CVE IDs

  • CVE-2023-49722

CVSS Score*
8.3
Affected Bosch Products

  • Bosch BCC101
  • Bosch BCC102
  • Bosch BCC50

Title
Open Port 8899 in BCC Thermostat Product
Publication Date
2024-01-09
Last Update
2024-01-09
Security Advisory ID Assigned CVE IDs

  • CVE-2023-48242
  • CVE-2023-48243
  • CVE-2023-48244
  • CVE-2023-48245
  • CVE-2023-48246
  • CVE-2023-48247
  • CVE-2023-48248
  • CVE-2023-48249
  • CVE-2023-48250
  • CVE-2023-48251
  • CVE-2023-48252
  • CVE-2023-48253
  • CVE-2023-48254
  • CVE-2023-48255
  • CVE-2023-48256
  • CVE-2023-48257
  • CVE-2023-48258
  • CVE-2023-48259
  • CVE-2023-48260
  • CVE-2023-48261
  • CVE-2023-48262
  • CVE-2023-48263
  • CVE-2023-48264
  • CVE-2023-48265
  • CVE-2023-48266

CVSS Score*
8.8
Affected Bosch Products

  • Rexroth Nexo cordless nutrunner NXA011S-36V (0608842011)
  • Rexroth Nexo cordless nutrunner NXA011S-36V-B (0608842012)
  • Rexroth Nexo cordless nutrunner NXA015S-36V (0608842001)
  • Rexroth Nexo cordless nutrunner NXA015S-36V-B (0608842006)
  • Rexroth Nexo cordless nutrunner NXA030S-36V (0608842002)
  • Rexroth Nexo cordless nutrunner NXA030S-36V-B (0608842007)
  • Rexroth Nexo cordless nutrunner NXA050S-36V (0608842003)
  • Rexroth Nexo cordless nutrunner NXA050S-36V-B (0608842008)
  • Rexroth Nexo cordless nutrunner NXA065S-36V (0608842013)
  • Rexroth Nexo cordless nutrunner NXA065S-36V-B (0608842014)
  • Rexroth Nexo cordless nutrunner NXP012QD-36V (0608842005)
  • Rexroth Nexo cordless nutrunner NXP012QD-36V-B (0608842010)
  • Rexroth Nexo cordless nutrunner NXV012T-36V (0608842015)
  • Rexroth Nexo cordless nutrunner NXV012T-36V-B (0608842016)
  • Rexroth Nexo special cordless nutrunner (0608PE2272)
  • Rexroth Nexo special cordless nutrunner (0608PE2301)
  • Rexroth Nexo special cordless nutrunner (0608PE2514)
  • Rexroth Nexo special cordless nutrunner (0608PE2515)
  • Rexroth Nexo special cordless nutrunner (0608PE2666)
  • Rexroth Nexo special cordless nutrunner (0608PE2673)

Title
Multiple vulnerabilities in Nexo cordless nutrunner
Publication Date
2024-01-08
Last Update
2024-01-29
*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2023

Security Advisory ID Assigned CVE IDs CVSS Score* Affected Bosch Products Title Publication Date Last Update
Security Advisory ID Assigned CVE IDs

  • CVE-2023-39509

CVSS Score*
7.2
Affected Bosch Products

  • Bosch Camera Firmware

Title
Command injection vulnerability in Bosch IP Cameras
Publication Date
2023-12-13
Last Update
2023-12-13
Security Advisory ID Assigned CVE IDs

  • CVE-2023-32230
  • CVE-2023-35867

CVSS Score*
7.5
Affected Bosch Products

  • Bosch BIS Video Engine
  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch Configuration Manager
  • Bosch DIVAR IP 7000 R2
  • Bosch DIVAR IP all-in-one 4000
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP all-in-one 6000
  • Bosch DIVAR IP all-in-one 7000
  • Bosch DIVAR IP all-in-one 7000 R3
  • Bosch Intelligent Insights
  • Bosch Monitorwall
  • Bosch ONVIF Camera Event Driver Tool
  • Bosch Project Assistant
  • Bosch VJD-7513
  • Bosch VJD-7523
  • Bosch Video Recording Manager
  • Bosch Video Security Client
  • Bosch Video Streaming Gateway

Title
Denial of Service vulnerability in Bosch BT software products
Publication Date
2023-12-13
Last Update
2023-12-13
Security Advisory ID Assigned CVE IDs

  • CVE-2023-5246

CVSS Score*
8.8
Affected Bosch Products

  • Rexroth SLC-0-GPNT00300

Title
Vulnerability in SICK Flexi Soft Gateway
Publication Date
2023-10-24
Last Update
2023-10-24
Security Advisory ID Assigned CVE IDs

  • CVE-2023-41255
  • CVE-2023-41372
  • CVE-2023-41960
  • CVE-2023-43488
  • CVE-2023-45220
  • CVE-2023-45321
  • CVE-2023-45844
  • CVE-2023-45851
  • CVE-2023-46102

CVSS Score*
8.8
Affected Bosch Products

  • Rexroth ctrlX HMI / WR21 (WR2107)
  • Rexroth ctrlX HMI / WR21 (WR2110)
  • Rexroth ctrlX HMI / WR21 (WR2115)

Title
Multiple vulnerabilities on ctrlX HMI / WR21
Publication Date
2023-10-20
Last Update
2023-11-21
Security Advisory ID Assigned CVE IDs

  • CVE-2023-34999

CVSS Score*
8.4
Affected Bosch Products

  • RTS VLink Virtual Matrix Software

Title
Remote Code Execution in RTS VLink Virtual Matrix
Publication Date
2023-08-30
Last Update
2023-08-30
Security Advisory ID Assigned CVE IDs

  • Multiple CVEs in 3rd party components

CVSS Score*
9.8
Affected Bosch Products

  • Bosch PRA-ES8P2S

Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
Publication Date
2023-07-26
Last Update
2023-07-26
Security Advisory ID Assigned CVE IDs

  • CVE-2023-23444

CVSS Score*
7.5
Affected Bosch Products

  • Bosch Rexroth SLC-0-GPNT00300

Title
Vulnerability in the interface module SLC-0-GPNT00300
Publication Date
2023-07-04
Last Update
2023-07-04
Security Advisory ID Assigned CVE IDs

  • CVE-2022-4304
  • CVE-2023-2673

CVSS Score*
5.9
Affected Bosch Products

  • Bosch Rexroth FL MGUARD DELTA TX/T& (R911173817)
  • Bosch Rexroth FL MGUARD RS2000 4G & (R913066122)
  • Bosch Rexroth FL MGUARD RS2000 TX/& (R913056204)
  • Bosch Rexroth FL MGUARD RS2000 TX/& (R913058931)
  • Bosch Rexroth FL MGUARD RS4000 TX/& (R901351745)
  • Bosch Rexroth FL MGUARD RS4000 TX/& (R911173814)
  • Bosch Rexroth FL MGUARD RS4004 TX/& (R913050362)
  • Bosch Rexroth FL MGUARD RS4004 TX/& (R913051602)
  • Bosch Rexroth FL MGUARD SMART2 VPN (R911173818)
  • Bosch Rexroth TC MGUARD RS2000 3G & (R911173815)
  • Bosch Rexroth TC MGUARD RS4000 3G & (R911173816)
  • Bosch Rexroth TC MGUARD RS4000 4G & (R901541498)

Title
Security Advisory for the FL MGUARD family of devices
Publication Date
2023-07-04
Last Update
2023-07-04
Security Advisory ID Assigned CVE IDs

  • CVE-2023-29241

CVSS Score*
8.1
Affected Bosch Products

  • Bosch BIS

Title
Update in Cybersecurity Guidebook of BIS on Permission Settings for Network Share
Publication Date
2023-06-28
Last Update
2023-06-28
Security Advisory ID Assigned CVE IDs

  • CVE-2022-41677

CVSS Score*
5.3
Affected Bosch Products

  • Bosch Camera Firmware

Title
Information Disclosure Vulnerability in Bosch IP cameras
Publication Date
2023-06-28
Last Update
2023-12-13
Security Advisory ID Assigned CVE IDs

  • CVE-2023-32229

CVSS Score*
4.9
Affected Bosch Products

  • Bosch Camera Firmware

Title
Possible damage of secure element in Bosch IP cameras
Publication Date
2023-05-31
Last Update
2023-05-31
Security Advisory ID Assigned CVE IDs

  • CVE-2021-26701

CVSS Score*
9.8
Affected Bosch Products

  • Bosch AMS
  • Bosch BIS
  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch Bosch DIVAR IP 7000 R2
  • Bosch Bosch DIVAR IP all-in-one 5000
  • Bosch Bosch DIVAR IP all-in-one 7000
  • Bosch Bosch DIVAR IP all-in-one 7000 R3
  • Bosch DIVAR IP all-in-one 4000
  • Bosch DIVAR IP all-in-one 6000

Title
.NET Remote Code Execution Vulnerability in BVMS, BIS and AMS
Publication Date
2023-05-24
Last Update
2023-05-24
Security Advisory ID Assigned CVE IDs

  • CVE-2023-32228

CVSS Score*
4.6
Affected Bosch Products

  • Bosch AMS
  • Bosch BIS

Title
Vulnerability in Wiegand card data interpretation
Publication Date
2023-05-24
Last Update
2023-05-24
Security Advisory ID Assigned CVE IDs

  • CVE-2023-28175

CVSS Score*
7.1
Affected Bosch Products

  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch Bosch DIVAR IP 3000
  • Bosch Bosch DIVAR IP 7000 R1
  • Bosch Bosch DIVAR IP 7000 R2
  • Bosch Bosch DIVAR IP all-in-one 5000
  • Bosch Bosch DIVAR IP all-in-one 7000
  • Bosch Bosch DIVAR IP all-in-one 7000 R3
  • Bosch DIVAR IP all-in-one 4000
  • Bosch DIVAR IP all-in-one 6000

Title
Unrestricted SSH port forwarding in BVMS
Publication Date
2023-05-24
Last Update
2023-05-24
Security Advisory ID Assigned CVE IDs

  • CVE-2023-23451

CVSS Score*
9.8
Affected Bosch Products

  • Bosch Rexroth SLC-0-GPNT00300

Title
Use of Telnet in the interface module SLC-0-GPNT00300
Publication Date
2023-04-28
Last Update
2023-04-28
Security Advisory ID Assigned CVE IDs

  • CVE-2022-47648

CVSS Score*
7.6
Affected Bosch Products

  • Bosch B420

Title
Insecure authentication in B420 legacy communication module
Publication Date
2023-04-26
Last Update
2023-04-26
Security Advisory ID Assigned CVE IDs

  • CVE-2022-3480

CVSS Score*
7.5
Affected Bosch Products

  • Bosch Rexroth FL MGUARD DELTA TX/T& (R911173817)
  • Bosch Rexroth FL MGUARD RS2000 TX/& (R913056204)
  • Bosch Rexroth FL MGUARD RS2000 TX/& (R913058931)
  • Bosch Rexroth FL MGUARD RS4000 TX/& (R901351745)
  • Bosch Rexroth FL MGUARD RS4000 TX/& (R911173814)
  • Bosch Rexroth FL MGUARD RS4000 TX/& (R913076699)
  • Bosch Rexroth FL MGUARD RS4000 VPN& (R901352542)
  • Bosch Rexroth FL MGUARD RS4004 TX/& (R913050362)
  • Bosch Rexroth FL MGUARD RS4004 TX/& (R913051602)
  • Bosch Rexroth FL MGUARD SMART2 VPN& (R911173818)
  • Bosch Rexroth TC MGUARD RS2000 3G & (R911173815)
  • Bosch Rexroth TC MGUARD RS2000 4G & (R913066122)
  • Bosch Rexroth TC MGUARD RS4000 3G & (R911173816)
  • Bosch Rexroth TC MGUARD RS4000 4G & (R901541498)

Title
Vulnerability in routers FL MGUARD and TC MGUARD
Publication Date
2023-03-03
Last Update
2023-03-03
*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2022

Security Advisory ID Assigned CVE IDs CVSS
Score*
Affected Products Title Publication
Date
Last Update
Security Advisory ID Assigned CVE IDs

  • Multiple CVEs in 3rd party components (see Advisory)

CVSS
Score*
9.8
Affected Products

  • Bosch PRA-ES8P2S

Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
Publication
Date
2022-11-23
Last Update
2023-06-28
Security Advisory ID Assigned CVE IDs

  • CVE-2022-40183
  • CVE-2022-40184

CVSS
Score*
5.8
Affected Products

  • Bosch VIDEOJET multi 4000

Title
Multiple Cross Site Scripting vulnerabilities in Bosch VIDEOJET multi 4000
Publication
Date
2022-10-19
Last Update
2023-01-18
Security Advisory ID Assigned CVE IDs

  • Multiple CVEs in 3rd party components (see Advisory)

CVSS
Score*
9.8
Affected Products

  • Bosch DSA E2800
  • Bosch DSA E2800 Base units
  • Bosch DSA E2800 Dual Controllers

Title
Multiple Vulnerabilities in NetApp DSA E2800 series
Publication
Date
2022-10-19
Last Update
2022-12-07
Security Advisory ID Assigned CVE IDs

  • CVE-2022-32540

CVSS
Score*
7.4
Affected Products

  • Bosch BVMS
  • Bosch VJD-7513

Title
Information Disclosure in VIDEOJET Decoder and Operator Client application in BVMS
Publication
Date
2022-09-21
Last Update
2022-09-21
Security Advisory ID Assigned CVE IDs

  • CVE-2022-27579
  • CVE-2022-27580

CVSS
Score*
7.8
Affected Products

  • Bosch Rexroth AG SafeLogic Designer

Title
SafeLogic Designer vulnerabilities
Publication
Date
2022-08-11
Last Update
2022-08-11
Security Advisory ID Assigned CVE IDs

  • CVE-2022-36301
  • CVE-2022-36302

CVSS
Score*
9.8
Affected Products

  • Bosch BF-OS

Title
Multiple Vulnerabilities in BF-OS
Publication
Date
2022-08-01
Last Update
2022-11-03
Security Advisory ID Assigned CVE IDs

  • CVE-2022-32534
  • CVE-2022-32535
  • CVE-2022-32536
  • Multiple CVEs in 3rd party components

CVSS
Score*
9.8
Affected Products

  • Bosch PRA-ES8P2S

Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
Publication
Date
2022-06-22
Last Update
2023-02-08
Security Advisory ID Assigned CVE IDs

  • CVE-2022-22513
  • CVE-2022-22514
  • CVE-2022-22515
  • CVE-2022-22517
  • CVE-2022-22519

CVSS
Score*
8.1
Affected Products

  • Bosch Rexroth IndraLogic
  • Bosch Rexroth IndraMotion MLC
  • Bosch Rexroth IndraMotion MLD
  • Bosch Rexroth IndraMotion MTX
  • Bosch Rexroth ctrlX CORE PLC

Title
Vulnerabilities in the communication protocol of the PLC runtime
Publication
Date
2022-05-02
Last Update
2022-10-11
Security Advisory ID Assigned CVE IDs

  • CVE-2022-0778

CVSS
Score*
7.5
Affected Products

  • Bosch Rexroth FL MGUARD DELTA TX/T& (R911173817)
  • Bosch Rexroth FL MGUARD RS2000 TX/& (R913056204)
  • Bosch Rexroth FL MGUARD RS2000 TX/& (R913058931)
  • Bosch Rexroth FL MGUARD RS4000 TX/& (R901351745)
  • Bosch Rexroth FL MGUARD RS4000 TX/& (R911173814)
  • Bosch Rexroth FL MGUARD RS4000 TX/& (R913073676)
  • Bosch Rexroth FL MGUARD RS4000 TX/& (R913076699)
  • Bosch Rexroth FL MGUARD RS4000 VPN& (R901352542)
  • Bosch Rexroth FL MGUARD RS4004 TX/& (R913050362)
  • Bosch Rexroth FL MGUARD RS4004 TX/& (R913051602)
  • Bosch Rexroth FL MGUARD SMART2 VPN& (R911173818)
  • Bosch Rexroth FL MGUARD SMART2 VPN& (R913073677)
  • Bosch Rexroth TC MGUARD RS2000 3G & (R911173815)
  • Bosch Rexroth TC MGUARD RS2000 4G & (R913066122)
  • Bosch Rexroth TC MGUARD RS4000 3G & (R911173816)
  • Bosch Rexroth TC MGUARD RS4000 4G & (R901541498)

Title
Vulnerability in routers FL MGUARD and TC MGUARD
Publication
Date
2022-04-27
Last Update
2022-04-27
Security Advisory ID Assigned CVE IDs

  • CVE-2022-22965

CVSS
Score*
9.8
Affected Products

  • Bosch MATRIX

Title
Improper Control of Generation of Code in Bosch MATRIX
Publication
Date
2022-04-27
Last Update
2022-04-27
Security Advisory ID Assigned CVE IDs

  • CVE-2016-10228
  • CVE-2019-25013
  • CVE-2020-27618
  • CVE-2020-29562
  • CVE-2020-6096
  • CVE-2021-27645
  • CVE-2021-3326
  • CVE-2021-35942
  • CVE-2021-3998
  • CVE-2021-3999
  • CVE-2021-45960
  • CVE-2021-46143
  • CVE-2022-0778
  • CVE-2022-22822
  • CVE-2022-22823
  • CVE-2022-22824
  • CVE-2022-22825
  • CVE-2022-22826
  • CVE-2022-22827
  • CVE-2022-23218
  • CVE-2022-23219
  • CVE-2022-23852
  • CVE-2022-23990
  • CVE-2022-25235
  • CVE-2022-25236

CVSS
Score*
9.8
Affected Products

  • Bosch Rexroth ctrlX CORE
  • Bosch Rexroth ctrlX CORE (LTS)
  • Bosch Rexroth ctrlX CORE (Node-Red)
  • Bosch Rexroth ctrlX CORE (Node-Red) (LTS)

Title
Multiple ctrlX CORE vulnerabilities
Publication
Date
2022-04-20
Last Update
2022-04-20
Security Advisory ID Assigned CVE IDs

  • CVE-2021-23850
  • CVE-2021-23851

CVSS
Score*
6.8
Affected Products

  • Bosch CPP Firmware

Title
Buffer Overflow Vulnerability in Recovery Image
Publication
Date
2022-03-30
Last Update
2022-09-07
Security Advisory ID Assigned CVE IDs

  • CVE-2018-1285

CVSS
Score*
9.8
Affected Products

  • Bosch FSM-10000 Client
  • Bosch FSM-10000 Server
  • Bosch FSM-10k Client
  • Bosch FSM-10k Server
  • Bosch FSM-2500 Client
  • Bosch FSM-2500 Server
  • Bosch FSM-5000 Client
  • Bosch FSM-5000 Server

Title
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Publication
Date
2022-03-23
Last Update
2024-07-03
Security Advisory ID Assigned CVE IDs

  • CVE-2018-1285

CVSS
Score*
9.8
Affected Products

  • Bosch BVMS
  • Bosch DIVAR IP 7000 R2
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP all-in-one 7000

Title
Improper Restriction of XML External Entity Reference in BVMS
Publication
Date
2022-03-16
Last Update
2022-03-16
Security Advisory ID Assigned CVE IDs

  • CVE-2021-23863

CVSS
Score*
6.1
Affected Products

  • Bosch Video Security Android Application

Title
Injection of arbitrary HTML code in Bosch Video Security Android App
Publication
Date
2022-01-26
Last Update
2022-09-07
Security Advisory ID Assigned CVE IDs

  • CVE-2021-23842
  • CVE-2021-23843

CVSS
Score*
8.8
Affected Products

  • Bosch AMC2
  • Bosch AMS
  • Bosch APE
  • Bosch BIS

Title
Multiple vulnerabilities in Bosch AMC2 (Access Modular Controller)
Publication
Date
2022-01-19
Last Update
2022-01-28
*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2021

Security Advisory ID Assigned CVE IDs CVSS
Score*
Affected Products Title Publication
Date
Last Update
Security Advisory ID Assigned CVE IDs

  • CVE-2021-44228
  • CVE-2021-45046
  • CVE-2021-45105

CVSS
Score*
10.0
Affected Products

  • Bosch PRA-APAS

Title
Log4j Vulnerabilities - Impact on PRAESENSA Advanced Public Address Server (PRA-APAS)
Publication
Date
2021-12-22
Last Update
2021-12-22
Security Advisory ID Assigned CVE IDs

  • CVE-2021-44228
  • CVE-2021-44832
  • CVE-2021-45046
  • CVE-2021-45105

CVSS
Score*
9.0
Affected Products

  • Bosch Rexroth IoT Gateway for Ubuntu Core (PR21 Hardware)
  • Bosch Rexroth IoT Gateway for Windows (based on Felix OSGi)
  • Bosch Rexroth IoT Gateway for Windows (based on mbs OSGi)

Title
Apache Log4j Vulnerabilities - Impact on Bosch Rexroth Products
Publication
Date
2021-12-21
Last Update
2022-01-10
Security Advisory ID Assigned CVE IDs

  • CVE-2021-23859
  • CVE-2021-23860
  • CVE-2021-23861
  • CVE-2021-23862

CVSS
Score*
9.1
Affected Products

  • Bosch AEC
  • Bosch APE
  • Bosch BIS
  • Bosch BVMS
  • Bosch DIVAR IP 7000 R2
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP all-in-one 7000
  • Bosch VJD-7513
  • Bosch VJD-8000
  • Bosch VRM
  • Bosch VRM Exporter

Title
Multiple Vulnerabilities in Bosch BT software products
Publication
Date
2021-12-08
Last Update
2021-12-08
Security Advisory ID Assigned CVE IDs

  • CVE-2021-23855
  • CVE-2021-23856
  • CVE-2021-23857
  • CVE-2021-23858

CVSS
Score*
10.0
Affected Products

  • Rexroth IndraMotion MLC IndraMotion XLC
  • Rexroth IndraMotion MLC L20, L40
  • Rexroth IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraControl XLC
  • Rexroth IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraMotion XLC

Title
Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series
Publication
Date
2021-10-04
Last Update
2022-08-25
Security Advisory ID Assigned CVE IDs

  • CVE-2021-23849

CVSS
Score*
7.5
Affected Products

  • Bosch CPP Firmware

Title
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Publication
Date
2021-08-04
Last Update
2021-10-07
Security Advisory ID Assigned CVE IDs

  • CVE-2021-30186
  • CVE-2021-30188
  • CVE-2021-30189
  • CVE-2021-30190
  • CVE-2021-30191
  • CVE-2021-30192
  • CVE-2021-30193
  • CVE-2021-30194
  • CVE-2021-30195

CVSS
Score*
9.8
Affected Products

  • Bosch Rexroth CS351E-D IL
  • Bosch Rexroth CS351E-G IL
  • Bosch Rexroth CS351S-D IL
  • Bosch Rexroth CS351S-G IL
  • Bosch Rexroth KE350G IL

Title
Vulnerabilities in CODESYS V2 runtime systems
Publication
Date
2021-07-20
Last Update
2021-07-20
Security Advisory ID Assigned CVE IDs

  • CVE-2021-30186
  • CVE-2021-30188
  • CVE-2021-30195

CVSS
Score*
9.8
Affected Products

  • Bosch Rexroth IndraLogic
  • Bosch Rexroth IndraMotion MLC
  • Bosch Rexroth IndraMotion MLD
  • Bosch Rexroth IndraMotion MTX
  • Bosch Rexroth SYNAX
  • Bosch Rexroth Visual Motion

Title
Vulnerabilities in CODESYS V2 runtime systems
Publication
Date
2021-07-09
Last Update
2021-07-09
Security Advisory ID Assigned CVE IDs

  • CVE-2021-23847
  • CVE-2021-23848
  • CVE-2021-23852
  • CVE-2021-23853
  • CVE-2021-23854

CVSS
Score*
9.8
Affected Products

  • Bosch CPP Firmware

Title
Multiple vulnerabilities in Bosch IP cameras
Publication
Date
2021-06-09
Last Update
2021-06-09
Security Advisory ID Assigned CVE IDs

  • CVE-2021-23845
  • CVE-2021-23846

CVSS
Score*
8.8
Affected Products

  • Bosch B426 Firmware
  • Bosch B426-CN/B429- CN Firmware
  • Bosch B426-M Firmware
  • Bosch B426 Firmware

Title
Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M
Publication
Date
2021-05-28
Last Update
2023-02-03
Security Advisory ID Assigned CVE IDs

  • CVE-2021-29242

CVSS
Score*
7.3
Affected Products

  • Bosch Rexroth IndraMotion MLC
  • Bosch Rexroth IndraMotion MLD
  • Bosch Rexroth IndraMotion MTX
  • Bosch Rexroth ctrlX CORE PLC App

Title
Vulnerability in the routing protocol of the PLC runtime
Publication
Date
2021-05-19
Last Update
2021-05-19
Security Advisory ID Assigned CVE IDs

  • CVE-2020-26116
  • CVE-2020-27619
  • CVE-2021-23336
  • CVE-2021-23840
  • CVE-2021-23841
  • CVE-2021-3177
  • CVE-2021-3449

CVSS
Score*
9.8
Affected Products

  • ctrlX CORE - IDE App

Title
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities
Publication
Date
2021-04-30
Last Update
2021-04-30
Security Advisory ID Assigned CVE IDs

  • n/a

CVSS
Score*
n/a
Affected Products

  • Rexroth R-IL ETH BK DI8 DO4 2TX-PAC
  • Rexroth R-IL PN BK DI8 DO4-PAC
  • Rexroth R-IL S3 BK DI8 DO4-PAC
  • Rexroth S20-EC-BK
  • Rexroth S20-EIP-BK
  • Rexroth S20-ETH-BK
  • Rexroth S20-PN-BK+
  • Rexroth S20-S3-BK+

Title
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
Publication
Date
2021-04-30
Last Update
2021-04-30
Security Advisory ID Assigned CVE IDs

  • CVE-2020-27815
  • CVE-2020-27830
  • CVE-2020-28374
  • CVE-2020-28941
  • CVE-2020-29568
  • CVE-2020-29569
  • CVE-2020-29660
  • CVE-2020-29661
  • CVE-2021-20232
  • CVE-2021-24031
  • CVE-2021-24032
  • CVE-2021-27218
  • CVE-2021-27219
  • CVE-2021-27803

CVSS
Score*
9.1
Affected Products

  • Rexroth IoT Gateway
  • ctrlX CORE Runtime

Title
ctrlX Multiple Vulnerabilities
Publication
Date
2021-04-23
Last Update
2021-04-23
Security Advisory ID Assigned CVE IDs

  • CVE-2021-20987

CVSS
Score*
7.5
Affected Products

  • Bosch Rexroth ActiveMover

Title
Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol
Publication
Date
2021-03-31
Last Update
2021-03-31
Security Advisory ID Assigned CVE IDs

  • CVE-2021-20986

CVSS
Score*
7.5
Affected Products

  • Bosch Rexroth ActiveMover with firmware version

Title
Denial of Service in Rexroth ActiveMover using Profinet protocol
Publication
Date
2021-03-31
Last Update
2022-01-26
Security Advisory ID Assigned CVE IDs

  • CVE-2020-6771
  • CVE-2020-6785
  • CVE-2020-6786
  • CVE-2020-6787
  • CVE-2020-6788
  • CVE-2020-6789
  • CVE-2020-6790

CVSS
Score*
7.8
Affected Products

  • Bosch BVMS
  • Bosch BVMS Viewer
  • Bosch Configuration Manager
  • Bosch DIVAR IP 7000 R2
  • DIVAR IP all-in-one 5000
  • DIVAR IP all-in-one 7000
  • Bosch IP Helper
  • Bosch Monitor Wall
  • Bosch Video Client
  • Bosch Video Recording Manager
  • Bosch Video Streaming Gateway

Title
Uncontrolled Search Path Element in Multiple Bosch Products
Publication
Date
2021-03-24
Last Update
2021-03-30
Security Advisory ID Assigned CVE IDs

  • CVE-2021-3011

CVSS
Score*
4.2
Affected Products

  • Bosch cameras and encoders built on platforms CPP-ENC, CPP3, CPP4, CPP5, CPP6, CPP7 and CPP7.3

Title
Side Channel Key Extraction Vulnerability in Bosch IP Cameras and Encoders
Publication
Date
2021-03-03
Last Update
2021-03-03
Security Advisory ID Assigned CVE IDs

  • CVE-2020-29661
  • CVE-2021-3156
  • CVE-2021-3347

CVSS
Score*
7.8
Affected Products

  • Rexroth IoT Gateway
  • ctrlX CORE Runtime

Title
Privilege Escalation via sudo and Linux kernel in Bosch Rexroth Products
Publication
Date
2021-02-24
Last Update
2021-02-24
Security Advisory ID Assigned CVE IDs

  • CVE-2020-25159

CVSS
Score*
9.8
Affected Products

  • Rexroth ID 200/C-ETH

Title
Denial of Service in Rexroth ID 200/C-ETH using EtherNet/IP Protocol
Publication
Date
2021-01-27
Last Update
2021-01-27
Security Advisory ID Assigned CVE IDs

  • CVE-2020-6779
  • CVE-2020-6780

CVSS
Score*
10
Affected Products

  • Bosch FSM-2500
  • Bosch FSM-5000

Title
Two Vulnerabilities in Bosch Fire Monitoring System (FSM)
Publication
Date
2021-01-20
Last Update
2024-07-03
*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2020

Security Advisory ID Assigned CVE IDs CVSS
Score*
Affected Products           Title Publication
Date
Last Update
Security Advisory ID Assigned CVE IDs
CVE-2020-1971
CVSS
Score*
5.9
Affected Products          

  • ctrlX CORE Runtime
  • ctrlX WORKS
  • ctrlX CORE OPC UA Client
  • ctrlX CORE OPC UA Server

Title
ctrlX Products affected by OpenSSL Vulnerability CVE-2020-1971
Publication
Date
2020-12-18
Last Update
2021-01-21
Security Advisory ID Assigned CVE IDs
CVE-2019-5105
CVE-2020-7052
CVSS
Score*
7.5
Affected Products          

  • Rexroth IndraMotion MTX
  • Rexroth IndraMotion MLC
  • Rexroth IndraMotion MLD

Title
Denial of Service in PLC Runtime affecting Rexroth IndraMotion Products
Publication
Date
2020-12-16
Last Update
2020-12-16
Security Advisory ID Assigned CVE IDs
CVE-2019-18858
CVE-2019-5105
CVE-2019-9010
CVE-2019-9012
CVE-2019-9013
CVE-2020-10245
CVSS
Score*
10.0
Affected Products          

  • Rexroth PRC7000

Title
Multiple Vulnerabilities in 3S CODESYS Runtime in Rexroth PRC7000
Publication
Date
2020-12-16
Last Update
2020-12-16
Security Advisory ID Assigned CVE IDs
CVE-2019-0708
CVSS
Score*
9.8
Affected Products          

  • Rexroth VEP15.6
  • Rexroth VEP21.6
  • Rexroth VEP30.5
  • Rexroth VEP40.5
  • Rexroth VEP50.5
  • Rexroth VPB40.3
  • Rexroth VPB40.4
  • Rexroth VPP16
  • Rexroth VPP40
  • Rexroth VPP60

Title
Remote Desktop Services Remote Code Execution Vulnerability in Rexroth Industrial PCs
Publication
Date
2020-10-13
Last Update
2020-10-13
Security Advisory ID Assigned CVE IDs
CVE-2020-6776
CVE-2020-6777
CVE-2020-15688
CVSS
Score*
8.8
Affected Products          

  • Bosch PRAESENSA
  • Bosch PRAESIDEO

Title
Vulnerabilities in Bosch PRAESIDEO and PRAESENSA
Publication
Date
2020-09-30
Last Update
2020-09-30
Security Advisory ID Assigned CVE IDs
CVE-2020-14513
CVE-2020-14519
CVE-2020-14509
CVE-2020-14517
CVE-2020-16233
CVE-2020-14515
CVSS
Score*
10.0
Affected Products          

  • Rexroth ActiveAssist Tool localization extension module
  • Rexroth Laser Localization Software

Title
WIBU Systems CodeMeter Runtime Vulnerabilities in Rexroth Products
Publication
Date
2020-09-25
Last Update
2020-09-25
Security Advisory ID Assigned CVE IDs
CVE-2020-6781
CVSS
Score*
6.8
Affected Products          

  • Bosch Smart Home iOS App

Title
Improper Certificate Validation in Bosch Smart Home System App for iOS
Publication
Date
2020-08-25
Last Update
2020-08-25
Security Advisory ID Assigned CVE IDs
CVE-2017-0144
CVE-2019-0708
CVE-2020-6774
CVSS
Score*
9.8
Affected Products          

  • Bosch Recording Station

Title
Multiple Vulnerabilities in Bosch Recording Station (BRS)
Publication
Date
2020-05-27
Last Update
2020-05-27
Security Advisory ID Assigned CVE IDs
CVE-2018-16994
CVSS
Score*
7.5
Affected Products          

  • Rexroth S20-PN-BK+
  • Rexroth S20-ETH-BK

Title
Denial of Service in Rexroth Fieldbus Coupler S20-PN-BK+/S20-ETH-BK
Publication
Date
2020-03-16
Last Update
2020-03-16
Security Advisory ID Assigned CVE IDs
CVE-2020-6770
CVSS
Score*
10.0
Affected Products          

  • Bosch BVMS Mobile Video Service
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000

Title
Deserialization of Untrusted Data in Bosch BVMS Mobile Video Service
Publication
Date
2020-01-29
Last Update
2020-01-29
Security Advisory ID Assigned CVE IDs
CVE-2020-6769
CVSS
Score*
10.0
Affected Products          

  • Bosch Video Streaming Gateway
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 5000

Title
Missing Authentication for Critical Function in Bosch Video Streaming Gateway
Publication
Date
2020-01-29
Last Update
2020-01-29
Security Advisory ID Assigned CVE IDs
CVE-2020-6768
CVSS
Score*
8.6
Affected Products          

  • Bosch Video Management System (BVMS)
  • Bosch BVMS Viewer
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000

Title
Path Traversal in Bosch Video Management System NoTouch deployment
Publication
Date
2020-01-29
Last Update
2020-02-11
Security Advisory ID Assigned CVE IDs
CVE-2020-6767
CVSS
Score*
7.7
Affected Products          

  • Bosch Video Management System (BVMS)
  • Bosch BVMS Viewer
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000

Title
Path Traversal in Bosch Video Management System
Publication
Date
2020-01-29
Last Update
2020-02-11
*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2019

Security Advisory ID Assigned CVE IDs CVSS
Score*
Affected Products           Title Publication
Date
Last Update
Security Advisory ID Assigned CVE IDs
CVE-2019-11899
CVSS
Score*
8.8
Affected Products          
Bosch Access Professional Edition
Title
Improper Access Control in Access Professional Edition 3.7 downwards
Publication
Date
2019-09-11
Last Update
2019-09-11
Security Advisory ID Assigned CVE IDs
CVE-2019-11898
CVSS
Score*
9.9
Affected Products          
Bosch Access Professional Edition
Title
Hard-coded Credentials in Access Professional Edition 3.7 downwards
Publication
Date
2019-09-11
Last Update
2019-09-11
Security Advisory ID Assigned CVE IDs
CVE-2019-1181
CVE-2019-1182
CVSS
Score*
9.8
Affected Products          

  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 5000
  • Bosch DIVAR IP 6000
  • Bosch DIVAR IP 7000
  • Bosch DIVAR IP all-in-one 5000
  • Bosch HP Server DL380
  • Bosch HP Workstation
  • Bosch UGM 2040 plus
  • Bosch VIDEOJET decoder 7000
  • Bosch VIDEOJET decoder 8000

Title
Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution
Publication
Date
2019-09-03
Last Update
2019-09-03
Security Advisory ID Assigned CVE IDs
CVE-2019-11601 CVE-2019-11897
CVE-2019-11602 CVE-2019-11603
CVSS
Score*
9.1
Affected Products          

  • ProSyst mBS SDK < 8.2.6
  • Bosch IoT Gateway Software < 9.0.2
  • Bosch IoT Gateway Software < 9.2.0
  • Bosch IoT Gateway Software < 9.3.0

Title
Multiple Vulnerabilities in ProSyst mBS SDK and Bosch IoT Gateway Software
Publication
Date
2019-08-19
Last Update
2020-03-16
Security Advisory ID Assigned CVE IDs
CVE-2019-12256
CVE-2019-12257
CVE-2019-12255
CVE-2019-12260
CVE-2019-12261
CVE-2019-12263
CVE-2019-12258
CVE-2019-12259
CVE-2019-12262
CVE-2019-12264
CVE-2019-12265
CVSS
Score*
9.8
Affected Products          

  • Rexroth embedded controls CML75, MLC/XLC firmware version < 14V22
  • Rexroth embedded controls XM21, XM22, XM42, MLC firmware version < 14V22
  • Rexroth industrial PC VPB40.4, firmware version < 14V22
  • Rexroth embedded controls CML75, CML85, MTX firmware version (all versions)

Title
VxWorks security updates in Bosch Rexroth controllers
Publication
Date
2019-08-08
Last Update
2019-08-08
Security Advisory ID Assigned CVE IDs
CVE-2019-0708
CVSS
Score*
9.8
Affected Products          

  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 6000
  • Bosch DIVAR IP 7000
  • Bosch HP Workstation
  • Bosch HP Server DL 380
  • Bosch VIDEOJET decoder 7000
  • Bosch VIDEOJET decoder 8000

Title
Vulnerability for Windows Remote Desktop Services (RDP) Remote Code Execution
Publication
Date
2019-06-12
Last Update
2019-06-12
Security Advisory ID Assigned CVE IDs
CVE-2019-11601
CVE-2019-11602
CVE-2019-11603
CVE-2019-11891
CVE-2019-11892
CVE-2019-11893
CVE-2019-11894
CVE-2019-11895
CVE-2019-11896
CVE-2019-11897
CVSS
Score*
9.1
Affected Products          
Bosch Smart Home Controller
Title
Multiple Vulnerabilities in Bosch Smart Home Controller
Publication
Date
2019-05-29
Last Update
2019-05-29
Security Advisory ID Assigned CVE IDs
CVE-2019-11684
CVSS
Score*
9.9
Affected Products          
Bosch Video Recording Manager
Title
Unauthenticated Certificate Access in Video Recording Manager
Publication
Date
2019-05-09
Last Update
2022-02-10
Security Advisory ID Assigned CVE IDs
CVE-2019-6958
CVSS
Score*
9.8
Affected Products          

  • Bosch Video Management Systems (BVMS)
  • DIVAR IP products
  • Configuration Manager
  • Video SDK (VSDK)
  • Bosch Video Client (BVC)
  • Building Integration System (BIS)
  • Access Professional Edition (APE)
  • Access Easy Controller (AEC)

Title
Improper Access Control in Bosch Security Systems Software for Video, PSIM and Access Control Systems
Publication
Date
2019-04-03
Last Update
2019-04-03
Security Advisory ID Assigned CVE IDs
CVE-2019-6957
CVSS
Score*
9.8
Affected Products          

  • Bosch Video Management Systems (BVMS)
  • DIVAR IP products
  • Video Recording Manager (VRM) software
  • Configuration Manager
  • Video SDK (VSDK)
  • Bosch Video Client (BVC)
  • Building Integration System (BIS)
  • Access Professional Edition (APE)
  • Access Easy Controller (AEC)

Title
Buffer Overflow in Bosch Security Systems Software for Video, PSIM and Access
Publication
Date
2019-04-03
Last Update
2019-04-03
Security Advisory ID Assigned CVE IDs
CVE-2019-8952
CVSS
Score*
4.9
Affected Products          
Hardware:

  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 5000

Software:

  • Video Recording Manager (VRM)
  • Bosch Video Management System (BVMS)

Title
Path Traversal Vulnerability in Video Recording Manager
Publication
Date
2019-04-03
Last Update
2019-04-03
Security Advisory ID Assigned CVE IDs
CVE-2019-8951
CVSS
Score*
6.1
Affected Products          
Hardware:

  • Bosch DIVAR IP 2000
  • Bosch DIVAR IP 5000

Software:

  • Video Recording Manager (VRM)
  • Bosch Video Management System (BVMS)

Title
Open Redirect Vulnerability in Video Recording Manager
Publication
Date
2019-04-03
Last Update
2019-04-03
Security Advisory ID Assigned CVE IDs
CVE-2019-7729
CVSS
Score*
4.8
Affected Products          
Smart Camera App for Android < 1.3.1
Title
Insecure Permissions in Smart Camera App for Android
Publication
Date
2019-02-22
Last Update
2019-02-22
Security Advisory ID Assigned CVE IDs
CVE-2019-7728
CVSS
Score*
8.3
Affected Products          
Smart Camera App for Android < 1.3.1
Title
Improper Certificate Validation in Smart Camera App for Android
Publication
Date
2019-02-22
Last Update
2019-02-22
Security Advisory ID Assigned CVE IDs
CVSS
Score*
9.8
Affected Products          

  • All projects created with WinStudio versions prior to 7.4 SP1
  • All projects created with IndraWorks versions prior to 15V02

Title
Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory
Publication
Date
2019-02-18
Last Update
2019-02-18
Security Advisory ID Assigned CVE IDs
CVSS
Score*
10
Affected Products          
Bosch digital recorder DVR 400 & 600 series
Title
DIVAR 400 & 600 series Vulnerability
Publication
Date
2019-01-22
Last Update
2019-01-22
*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2018

Security Advisory ID Assigned CVE IDs CVSS
Score*
Affected Products           Title Publication
Date
Last Update
Security Advisory ID Assigned CVE IDs
CVE-2018-20299
CVSS
Score*
9.4
Affected Products          

  • 360° Indoor Camera < 6.52.4
  • Eyes Outdoor Camera < 6.52.4

Title
Bosch Smart Home Camera Vulnerability
Publication
Date
2018-12-18
Last Update
2018-12-20
Security Advisory ID Assigned CVE IDs
CVE-2018-19036
CVSS
Score*
9.4
Affected Products          

  • AUTODOME IP
  • AVIOTEC IP
  • DINION HD
  • DINION IP
  • EXTEGRA IP
  • FLEXIDOME HD
  • Vandal-proof FLEXIDOME HD
  • FLEXIDOME IP
  • IP bullet
  • IP micro
  • MIC IP
  • TINYON IP

Title
Bosch IP Camera Vulnerability
Publication
Date
2018-12-12
Last Update
2022-02-10
Security Advisory ID Assigned CVE IDs
CVSS
Score*
6.5
Affected Products          

  • Access Easy Controller 2.1

Title
Bosch Access Easy Controller 2.1
Publication
Date
2018-12-03
Last Update
2018-12-03
Security Advisory ID Assigned CVE IDs
CVSS
Score*
9.8
Affected Products          

  • All projects created with WinStudio versions prior to 7.4 SP1
  • All projects created with IndraWorks versions prior to 15V02

Title
Bosch Rexroth IndraWorks Operation (WinStudio) Security Advisory
Publication
Date
2018-11-27
Last Update
2018-11-27
*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2017

Security Advisory ID Assigned CVE IDs CVSS
Score*
Affected Products           Title Publication
Date
Last Update
Security Advisory ID Assigned CVE IDs
CVSS
Score*
6.5
Affected Products          
Bosch Drivelog Connector
Title
Bosch Drivelog Connector
Publication
Date
2017-04-13
Last Update
2017-04-13
Security Advisory ID Assigned CVE IDs
CVSS
Score*
2.9
Affected Products          
Bosch BMA222E
Title
Bosch BMA222E Acoustic Resonance Interference
Publication
Date
2017-03-14
Last Update
2017-03-14
*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

2016

Security Advisory ID Assigned CVE IDs CVSS
Score*
Affected Products           Title Publication
Date
Last Update
Security Advisory ID Assigned CVE IDs
CVSS
Score*
6.4
Affected Products          
Bosch Rexroth BLADEcontrol-WebVIS
Title
Bosch Rexroth BLADEcontrol-WebVIS
Publication
Date
2016-07-22
Last Update
2017-03-14
*Common Vulnerability Scoring System. If an advisory covers multiple CVEs, the highest score will be referenced. Unless explicitly noted otherwise, the given CVSS scores are CVSSv3 base scores. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

Atom / RSS Feeds

Subscribe to our feed(s) to be notified about new Security Advisories.

Search our S/MIME key here
Fingerprint: 87:F1:6F:70:60:D2:94:83:82:AC:69:F5:46:86:7C:80:7F:86:1D:F0

Find our PGP Key here
Fingerprint: F40C 0FE3 E919 B082 B2DD 75E5 929D 3AFD 217E 21D7