Denial of Service vulnerability in Bosch BT software products

BOSCH-SA-092656-BT

Advisory Information

Summary

A security vulnerability discovered in Bosch internal tests allows an unauthenticated attacker to interrupt normal functions and cause a Denial of Service (DoS).

Bosch rates this vulnerability with a CVSSv3.1 base score of 7.5 (High) for products using the vulnerable function as a server and 5.9 (Medium) for products using the vulnerable function as a client; the actual rating depends on the individual vulnerability, and the final rating on the customer's environment.

Customers are strongly advised to update to the fixed versions.

Affected Products

  • Bosch BIS Video Engine
    • CVE-2023-35867
      • Version(s): <= 5.0.1
  • Bosch BVMS
    • CVE-2023-35867
      • Version(s): <= 12.0.0
  • Bosch BVMS Viewer
    • CVE-2023-35867
      • Version(s): <= 12.0.0
  • Bosch Configuration Manager
    • CVE-2023-35867
      • Version(s): <= 7.62
  • Bosch DIVAR IP 7000 R2
    • CVE-2023-35867
      • Version(s): <= 12.0.0
  • Bosch DIVAR IP all-in-one 4000
    • CVE-2023-35867
      • Version(s): <= 12.0.0
  • Bosch DIVAR IP all-in-one 5000
    • CVE-2023-35867
      • Version(s): <= 12.0.0
  • Bosch DIVAR IP all-in-one 6000
    • CVE-2023-35867
      • Version(s): <= 12.0.0
  • Bosch DIVAR IP all-in-one 7000
    • CVE-2023-35867
      • Version(s): <= 12.0.0
  • Bosch DIVAR IP all-in-one 7000 R3
    • CVE-2023-35867
      • Version(s): <= 12.0.0
  • Bosch Intelligent Insights
    • CVE-2023-35867
      • Version(s): <= 1.0.3.14
  • Bosch Monitorwall
    • CVE-2023-32230
      • Version(s): <= 10.00.0164
  • Bosch ONVIF Camera Event Driver Tool
    • CVE-2023-35867
      • Version(s): <= 2.0.0.8
  • Bosch Project Assistant
    • CVE-2023-35867
      • Version(s): <= 2.3
  • Bosch VJD-7513
    • CVE-2023-32230
      • Version(s): <= 10.40.0055
  • Bosch VJD-7523
    • CVE-2023-32230
      • Version(s): <= 10.40.0055
  • Bosch Video Recording Manager
    • CVE-2023-32230
      • Version(s): <= 04.10.0079
  • Bosch Video Security Client
    • CVE-2023-35867
      • Version(s): <= 3.3.5
  • Bosch Video Streaming Gateway
    • CVE-2023-32230
      • Version(s): <= 8.1.2.2
      • Version(s): 9.0.0 - 9.0.0.178 (including)

Solution and Mitigations

Software Updates

The recommended approach is to update the affected Bosch software to a fixed version. If an update is not possible in a timely manner, users are advised to follow the mitigation described in the following section.

A reboot or restart of the affected component is needed after applying the patch.

After installing the patch, verify that it was applied by checking the version of the updated component against the fixed version listed in the appendix.
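The version check above is easy to get wrong when versions carry leading zeros (VRM "04.10.0079"), when an affected range has both a lower and an upper bound (VSG 9.0.0 to 9.0.0.178), or when the fixed versions live on different release branches (VRM 04.04.0027 and 04.20.0016). The following Python script is an added example, not Bosch tooling: it compares an installed version string against the affected and fixed versions copied from this advisory's appendix for a subset of products. The installed versions fed to it are constructed sample input, and the rule that a fix only counts on its own release branch (same first two version components) is an assumption made here to explain the two VRM fix versions.

```python
"""Check installed versions against the affected/fixed versions of this advisory.

Added example. Affected and fixed versions are copied from the advisory
appendix for a subset of products; installed versions are constructed input.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '04.10.0079' into (4, 10, 79) so leading zeros compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def cmp_versions(a: Version, b: Version) -> int:
    """Compare two versions of possibly different length; missing parts count as 0."""
    n = max(len(a), len(b))
    pa = a + (0,) * (n - len(a))
    pb = b + (0,) * (n - len(b))
    return (pa > pb) - (pa < pb)


# "affected": list of (inclusive lower bound or None, inclusive upper bound).
# Values taken from the advisory appendix ("X and earlier" -> (None, X)).
ADVISORY: Dict[str, Dict[str, list]] = {
    "Configuration Manager": {
        "affected": [(None, "7.62.0178")], "fixed": ["7.70.0090"]},
    "Video Streaming Gateway": {
        "affected": [(None, "8.1.2.2"), ("9.0.0", "9.0.0.178")],
        "fixed": ["8.1.4.1", "9.1.0.12"]},
    "Video Recording Manager": {
        "affected": [(None, "04.10.0079")], "fixed": ["04.04.0027", "04.20.0016"]},
    "VJD-7513": {
        "affected": [(None, "10.40.0055")], "fixed": ["10.40.0061"]},
}


def in_affected_range(installed: str, ranges: List[Tuple[Optional[str], str]]) -> bool:
    """True if the installed version falls inside any listed affected range."""
    v = parse_version(installed)
    for low, high in ranges:
        if low is not None and cmp_versions(v, parse_version(low)) < 0:
            continue
        if cmp_versions(v, parse_version(high)) <= 0:
            return True
    return False


def has_fix(installed: str, fixed: List[str]) -> bool:
    """Assumption: a fix only covers its own release branch (same first two
    components), so VRM 04.04.0027 does not cover a 04.10.x installation."""
    v = parse_version(installed)
    for fix in fixed:
        fv = parse_version(fix)
        if v[:2] == fv[:2] and cmp_versions(v, fv) >= 0:
            return True
    return False


def check(product: str, installed: str) -> str:
    """Classify an installed version as 'fixed', 'affected' or 'not listed'."""
    entry = ADVISORY[product]
    if has_fix(installed, entry["fixed"]):
        return "fixed"
    if in_affected_range(installed, entry["affected"]):
        return "affected"
    return "not listed"  # outside every range the advisory names; verify manually


if __name__ == "__main__":
    # Constructed inventory, not real deployment data.
    inventory = [
        ("Video Recording Manager", "04.10.0079"),
        ("Video Recording Manager", "04.04.0027"),
        ("Video Streaming Gateway", "9.0.0.178"),
        ("Video Streaming Gateway", "8.2.0"),
        ("Configuration Manager", "7.70.0090"),
    ]
    for product, version in inventory:
        print(f"{product:25s} {version:12s} -> {check(product, version)}")
```

A version that is neither inside an affected range nor at or above a fix on its branch is reported as "not listed" rather than silently treated as safe; such installations should be confirmed against the vendor's release notes.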

Firewalling

Disallowing connections from insecure networks to the affected software and devices by means of a firewall prevents the attacker from accessing the vulnerable interface.

Vulnerability Details

CVE-2023-32230

CVE description: An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.

CVE-2023-35867

CVE description: An improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.

Remarks

Security Update Information

With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:

It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.

Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.

CVSS Scoring

Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer's environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.

Revision History

  • 13 Dec 2023: Initial Publication

Appendix

Fixes for the Affected Products

Product | Affected versions | Name of version to fix the vulnerability
BIS Video Engine | 5.0.1 and earlier | BIS 5.0.1 mandatory common files 1 for Patch Release for CVE-2023-35867; BIS 5.0.1 mandatory common files 2 for Patch Release for CVE-2023-35867; BIS 5.0.1 files for language xx for Patch Release for CVE-2023-35867
BVMS Viewer | 11.1.1 | BVMS111165_VWR_Patch_FW90improve_434923,428521.zip
BVMS Viewer | 12.0.0 | Upgrade to BVMS Viewer 12.0.1
BVMS | 11.1.1 | BVMS111165_Patch_FW90improve_434923,428521.zip
BVMS | 12.0.0 | Upgrade to BVMS 12.0.1
Configuration Manager | 7.62.0178 and earlier | 7.70.0090
DIVAR IP all-in-one 7000 R3 | 11.1.1 | BVMS_11.1.1_Updates_SystemManager_package_1.2.zip
DIVAR IP all-in-one 7000 R3 | 12.0.0 | Upgrade to BVMS 12.0.1
DIVAR IP 7000 R2 | 11.1.1 | BVMS - BVMS111165_Patch_FW90improve_434923,428521.zip
DIVAR IP 7000 R2 | 12.0.0 | Upgrade to BVMS 12.0.1
DIVAR IP all-in-one 5000 | 11.1.1 | BVMS_11.1.1_Updates_SystemManager_package_1.2.zip
DIVAR IP all-in-one 5000 | 12.0.0 | Upgrade to BVMS 12.0.1
DIVAR IP all-in-one 7000 | 11.1.1 | BVMS_11.1.1_Updates_SystemManager_package_1.2.zip
DIVAR IP all-in-one 7000 | 12.0.0 | Upgrade to BVMS 12.0.1
DIVAR IP all-in-one 4000 | 11.1.1 | BVMS_11.1.1_Updates_SystemManager_package_1.2.zip
DIVAR IP all-in-one 4000 | 12.0.0 | Upgrade to BVMS 12.0.1
DIVAR IP all-in-one 6000 | 11.1.1 | BVMS_11.1.1_Updates_SystemManager_package_1.2.zip
DIVAR IP all-in-one 6000 | 12.0.0 | Upgrade to BVMS 12.0.1
Intelligent Insights | 1.0.3.14 and earlier | 1.0.3.22
Monitorwall | 10.00.0164 and earlier | tba - next release
ONVIF Camera Event Driver Tool | 2.0.0.8 | 2.1.1.4
Project Assistant | 2.3.0.28 and earlier | 2.4.0.36
Video Security Client | 3.3.5.22 and earlier | 3.4.0.42
Video Streaming Gateway (VSG) | 8.1.2.2 and earlier | 8.1.4.1
Video Streaming Gateway (VSG) | 9.0.0.178 | 9.1.0.12
Video Recording Manager (VRM) | 04.10.0079 and earlier | 04.04.0027; 04.20.0016
VJD-7513 | 10.40.0055 and earlier | 10.40.0061
VJD-7523 | 10.40.0055 and earlier | 10.40.0061

Material Lists

BIS Video Engine

Family Name | CTN | SAP# | Material description
BIS Video Engine 5.0 | BIS-FVIE-BPA50 | F.01U.415.283 | Basic license
BIS Video Engine 4.9 | BIS-FVIE-BPA49 | F.01U.395.631 | Basic license
BIS Video Engine 4.8 | BIS-FVIE-BPA48 | F.01U.388.192 | Basic license
BIS Video Engine 4.7 | BIS-FVIE-BPA47 | F.01U.381.802 | Basic license

BVMS

Family Name | CTN | SAP# | Material description
BVMS Professional 12.0 | MBV-BPRO | F.01U.393.647 | License Professional base
BVMS Plus 12.0 | MBV-BPLU | F.01U.393.650 | License Plus base
BVMS Plus 12.0 DIP | MBV-BPLU-DIP | F.01U.374.503 | License Plus base for DIVAR IP
BVMS Viewer 12.0 | MBV-BVWR | F.01U.393.649 | License Viewer base
BVMS Lite 12.0 | MBV-BLIT | F.01U.393.648 | License Lite base
BVMS Lite 12.0 DIP | MBV-BLIT-DIP | F.01U.358.975 | License Lite base for DIVAR IP
BVMS Professional 11.1.1 | MBV-BPRO-101 | F.01U.389.492 | License Professional base
BVMS Enterprise 11.1.1 | MBV-BENT-101 | F.01U.389.506 | License Enterprise base
BVMS Plus 11.1.1 | MBV-BPLU-101 | F.01U.389.477 | License Plus base
BVMS Plus 11.1.1 DIP | MBV-BPLU-DIP | F.01U.374.503 | License Plus base for DIVAR IP
BVMS Viewer 11.1.1 | MBV-BVWR | F.01U.393.649 | License Viewer base
BVMS Lite 11.1.1 | MBV-BLIT | F.01U.393.648 | License Lite base
BVMS Lite 11.1.1 DIP | MBV-BLIT-DIP | F.01U.358.975 | License Lite base for DIVAR IP

Configuration Manager

Family Name | CTN | SAP# | Material description
Configuration Manager | MFT-CM | F.01U.360.102 | Configuration Manager

DIVAR IP 7000 R2

Family Name | CTN | SAP# | Material description
DIVAR IP 7000 R2 | DIP-7180-00N | F.01U.314.520 | DIVAR IP 7000 2U w/o HDD
DIVAR IP 7000 R2 | DIP-7183-4HD | F.01U.314.521 | DIVAR IP 7000 2U 4x3TB
DIVAR IP 7000 R2 | DIP-7183-8HD | F.01U.314.522 | DIVAR IP 7000 2U 8x3TB
DIVAR IP 7000 R2 | DIP-7184-4HD | F.01U.314.523 | DIVAR IP 7000 2U 4x4TB
DIVAR IP 7000 R2 | DIP-7184-8HD | F.01U.314.524 | DIVAR IP 7000 2U 8x4TB
DIVAR IP 7000 R2 | DIP-71F0-00N | F.01U.314.525 | DIVAR IP 7000 3U w/o HDD
DIVAR IP 7000 R2 | DIP-71F3-16HD | F.01U.314.526 | DIVAR IP 7000 3U 16x3TB
DIVAR IP 7000 R2 | DIP-71F4-16HD | F.01U.314.527 | DIVAR IP 7000 3U 16x4TB
DIVAR IP 7000 R2 | DIP-7186-8HD | F.01U.329.143 | DIVAR IP 7000 2U 8x6TB
DIVAR IP 7000 R2 | DIP-7188-8HD | F.01U.329.144 | DIVAR IP 7000 2U 8x8TB
DIVAR IP 7000 R2 | DIP-71F6-16HD | F.01U.329.145 | DIVAR IP 7000 3U 16x6TB
DIVAR IP 7000 R2 | DIP-71F8-16HD | F.01U.329.146 | DIVAR IP 7000 3U 16x8TB
DIVAR IP 7000 R2 | DIP-7184-8HD-WAG | F.01U.343.277 | DIVAR IP 7000 2U 8x4TB, WAG Kit

DIVAR IP all-in-one 5000

Family Name | CTN | SAP# | Material description
DIVAR IP all-in-one 5000 | DIP-5240IG-00N | F.01U.361.821 | Management Appliance w/o HDD
DIVAR IP all-in-one 5000 | DIP-5244IG-4HD | F.01U.362.424 | Management Appliance 4x4TB
DIVAR IP all-in-one 5000 | DIP-5248IG-4HD | F.01U.362.423 | Management Appliance 4x8TB
DIVAR IP all-in-one 5000 | DIP-524CIG-4HD | F.01U.362.422 | Management Appliance 4x12TB
DIVAR IP all-in-one 5000 | DIP-5240GP-00N | F.01U.359.551 | Management Appliance GPU wo HD
DIVAR IP all-in-one 5000 | DIP-5244GP-4HD | F.01U.359.552 | Management Appliance GPU 4x4TB
DIVAR IP all-in-one 5000 | DIP-5248GP-4HD | F.01U.359.553 | Management Appliance GPU 4x8TB
DIVAR IP all-in-one 5000 | DIP-524CGP-4HD | F.01U.359.554 | Management Appliance GPU 4x12TB

DIVAR IP all-in-one 7000

Family Name | CTN | SAP# | Material description
DIVAR IP all-in-one 7000 | DIP-7280-00N | F.01U.362.591 | 2U Management Appliance w/o HD
DIVAR IP all-in-one 7000 | DIP-7284-8HD | F.01U.362.592 | 2U Management Appliance 8x4TB
DIVAR IP all-in-one 7000 | DIP-7288-8HD | F.01U.362.593 | 2U Management Appliance 8x8TB
DIVAR IP all-in-one 7000 | DIP-728C-8HD | F.01U.362.594 | 2U Management Appliance 8x12TB
DIVAR IP all-in-one 7000 | DIP-72G0-00N | F.01U.362.595 | 3U Management Appliance wo HDD
DIVAR IP all-in-one 7000 | DIP-72G8-16HD | F.01U.362.596 | 3U Management Appliance 16x8TB
DIVAR IP all-in-one 7000 | DIP-72GC-16HD | F.01U.362.597 | 3U Management Appliance 16x12T

DIVAR IP all-in-one 7000 R3

Family Name | CTN | SAP# | Material description
DIVAR IP all-in-one 7000 | DIP-7380-00N | F.01U.385.539 | Management appliance 2U without HD
DIVAR IP all-in-one 7000 | DIP-7384-8HD | F.01U.385.540 | Management appliance 2U 8X4TB
DIVAR IP all-in-one 7000 | DIP-7388-8HD | F.01U.385.541 | Management appliance 2U 8X8 TB
DIVAR IP all-in-one 7000 | DIP-738C-8HD | F.01U.385.542 | Management appliance 2U 8X12 TB
DIVAR IP all-in-one 7000 | DIP-73G0-00N | F.01U.385.543 | Management appliance 3U without HD
DIVAR IP all-in-one 7000 | DIP-73G8-16HD | F.01U.385.544 | Management appliance 3U 16X8TB
DIVAR IP all-in-one 7000 | DIP-73GC-16HD | F.01U.385.545 | Management appliance 3U 16X12 TB

DIVAR IP all-in-one 4000

Family Name | CTN | SAP# | Material description
DIVAR IP all-in-one 4000 | DIP-4420IG-00N | F.01U.404.040 | Management appliance w/o HDD
DIVAR IP all-in-one 4000 | DIP-4424IG-2HD | F.01U.404.041 | Management appliance 2x4TB
DIVAR IP all-in-one 4000 | DIP-4428IG-2HD | F.01U.404.042 | Management appliance 2x8TB
DIVAR IP all-in-one 4000 | DIP-442IIG-2HD | F.01U.404.043 | Management appliance 2x18TB

DIVAR IP all-in-one 6000

Family Name | CTN | SAP# | Material description
DIVAR IP all-in-one 6000 | DIP-6440IG-00N | F.01U.404.045 | Management appliance 1U w/o HDD
DIVAR IP all-in-one 6000 | DIP-6444IG-4HD | F.01U.404.046 | Management appliance 1U 4x4TB
DIVAR IP all-in-one 6000 | DIP-6448IG-4HD | F.01U.404.047 | Management appliance 1U 4x8TB
DIVAR IP all-in-one 6000 | DIP-644IIG-4HD | F.01U.404.048 | Management appliance 1U 4x18TB

Intelligent Insights

Name | CTN | SAP# | Material description
IGI-BASE Intelligent Insights Base | IGI-BASE | F.01U.384.690 | IGI-BASE Intelligent Insights Base

Monitor Wall

Name | CTN | SAP# | Material description
Monitor Wall license for two displays | MVS-MW-2D | F.01U.382.735 | Monitor Wall license for two displays
Monitor Wall license for four displays | MVS-MW-4D | F.01U.382.736 | Monitor Wall license for four displays

Project Assistant

Name | CTN | SAP# | Material description
Project Assistant | MFT-PA | F.01U.360.106 | Project Assistant

Video Security Client

Name | CTN | SAP# | Material description
Video Security Client | MFT-VSC | F.01U.360.105 | Video Security Client

VIDEOJET decoder 7000 (VJD-7000)

Family Name | CTN | SAP# | Material description
VJD-7000 | VJD-7513 | F.01U.345.382 | High-performance H.265 UHD decoder
VJD-7000 | VJD-7523 | F.01U.407.935 | High-performance H.265 UHD decoder

Video Recording Manager (VRM)

Family Name | CTN | SAP# | Material description
VRM | MVM-BVRM-016 | F.01U.166.502 | Base Package incl. 16 cameras single-pac