
BVMS affected by Autodesk Design Review Multiple Vulnerabilities

BOSCH-SA-246962-BT

Advisory Information

Summary

BVMS used Autodesk Design Review to display 2D/3D files. Autodesk has published multiple vulnerabilities in Autodesk Design Review which, when successfully exploited, could lead to the execution of arbitrary code.

Starting from BVMS version 11.0, Autodesk Design Review is no longer used by BVMS, but the BVMS setup does not uninstall Autodesk Design Review during a BVMS upgrade. This means that only BVMS systems with version <= 10.1.1.12, or systems upgraded from a BVMS version <= 10.1.1.12 to a higher version, are affected.

  • Bosch does not provide any patches for BVMS <= 10.1.1.12.

  • For BVMS systems upgraded from any BVMS version <= 10.1.1.12, Bosch advises mitigating the vulnerability.

  • Fresh BVMS installations starting from BVMS 11.0 are not affected.

Before removing Autodesk Design Review v 9.1.0.127 make sure that it is not used by any other software installed on that machine.

How to check if the system is affected:

  1. In the Search bar, search for "add remove" and select "Add remove programs".

  2. Check whether Autodesk Design Review v 9.1.0.127 is installed.
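The two-step check above can be scripted for a fleet of Windows hosts by reading the same registry data that "Add remove programs" displays. The following PowerShell script is an added example and is not part of the Bosch advisory or of BVMS. It assumes that the Add/Remove programs entry for Autodesk Design Review has a DisplayName beginning with "Autodesk Design Review" and that the BVMS entry has a DisplayName beginning with "BVMS" (both are assumptions); the version 9.1.0.127 is the one named in the advisory. Running the same script again after the uninstall step in "Uninstall Autodesk Design Review" confirms that the removal succeeded.

```powershell
# Added example (not part of the Bosch advisory): inventory the Windows
# "Add/Remove programs" registry entries for Autodesk Design Review and BVMS,
# so the manual check in the advisory can be run across many machines.
# Assumptions: the Autodesk Design Review entry's DisplayName starts with
# "Autodesk Design Review" and the BVMS entry's DisplayName starts with "BVMS".
# The version string 9.1.0.127 is taken from the advisory.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every installed-program entry that carries a DisplayName.
$Installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

$Adr  = $Installed | Where-Object { $_.DisplayName -like 'Autodesk Design Review*' }
$Bvms = $Installed | Where-Object { $_.DisplayName -like 'BVMS*' }

# Report the BVMS components found, so the host can be matched against the
# "Upgraded from <= 10.1.1.12" condition in the advisory.
foreach ($entry in $Bvms) {
    "BVMS component: {0} {1}" -f $entry.DisplayName, $entry.DisplayVersion
}

if (-not $Adr) {
    "Autodesk Design Review is not installed: this host is not affected by BOSCH-SA-246962-BT."
    exit 0
}

foreach ($entry in $Adr) {
    "Found: {0} version {1} (uninstall entry: {2})" -f `
        $entry.DisplayName, $entry.DisplayVersion, $entry.PSChildName
    if ($entry.DisplayVersion -eq '9.1.0.127') {
        "  -> version 9.1.0.127 matches the advisory; apply the patch first, then uninstall."
    }
}

# Non-zero exit code so a fleet-management tool can flag the host for follow-up.
exit 1
```

The exit code lets the script be used as a compliance check: 0 means Autodesk Design Review is absent, 1 means it is present and the host still needs the mitigation. Before acting on a hit, check (as the advisory says) that no other software on that machine depends on Autodesk Design Review.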

Affected Products

  • Bosch BVMS
    • CVE-2021-27033, CVE-2021-27034, CVE-2021-27035, CVE-2021-27036, CVE-2021-27037, CVE-2021-27038, CVE-2021-27039
      • Version(s): 11.0 - 12.1 (including)
  • Bosch BVMS Viewer
    • CVE-2021-27033, CVE-2021-27034, CVE-2021-27035, CVE-2021-27036, CVE-2021-27037, CVE-2021-27038, CVE-2021-27039
      • Version(s): 11.0 - 12.1 (including)
  • Bosch DIVAR IP 7000 R2
    • CVE-2021-27033, CVE-2021-27034, CVE-2021-27035, CVE-2021-27036, CVE-2021-27037, CVE-2021-27038, CVE-2021-27039
      • Version(s): 11.0 - 12.0.1 (including)
  • Bosch DIVAR IP all-in-one 5000
    • CVE-2021-27033, CVE-2021-27034, CVE-2021-27035, CVE-2021-27036, CVE-2021-27037, CVE-2021-27038, CVE-2021-27039
      • Version(s): 11.0 - 12.1 (including)
  • Bosch DIVAR IP all-in-one 7000
    • CVE-2021-27033, CVE-2021-27034, CVE-2021-27035, CVE-2021-27036, CVE-2021-27037, CVE-2021-27038, CVE-2021-27039
      • Version(s): 11.0 - 12.1 (including)
  • Bosch DIVAR IP all-in-one 7000 R3
    • CVE-2021-27033, CVE-2021-27034, CVE-2021-27035, CVE-2021-27036, CVE-2021-27037, CVE-2021-27038, CVE-2021-27039
      • Version(s): 11.0 - 12.1 (including)

Solution and Mitigations

Software Updates

No software updates are available. Please refer to the solution in section 4.2, "Uninstall Autodesk Design Review".

Uninstall Autodesk Design Review

  1. Install the patch BVMS_AutodeskDesignReview2009_Patch_FixRegKeyRemovalBeforeUninstall.zip. This step is mandatory and must be executed first.

  2. In the Search bar, search for "add remove" and select "Add remove programs".

  3. Uninstall Autodesk Design Review.

Vulnerability Details

CVE-2021-27033

CVE description: A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CVE-2021-27034

CVE description: A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

CVE-2021-27035

CVE description: A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2021-27036

CVE description: A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code.

CVE-2021-27037

CVE description: A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.

CVE-2021-27038

CVE description: A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code.

CVE-2021-27039

CVE description: A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code.

Remarks

Security Update Information

With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:

It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.

Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.

CVSS Scoring

Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer's environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.

Revision History

  • 13 Mar 2024: Initial Publication

Appendix

Fixes for the Affected Products

BVMS

Affected versions          | Version or patch that fixes the vulnerability
Upgraded from <= 10.1.1.12 | BVMS_AutodeskDesignReview2009_Patch_FixRegKeyRemovalBeforeUninstall.zip

BVMS Download Area

BVMS Viewer

Affected versions          | Version or patch that fixes the vulnerability
Upgraded from <= 10.1.1.12 | BVMS_AutodeskDesignReview2009_Patch_FixRegKeyRemovalBeforeUninstall.zip

BVMS Viewer Download Area

Bosch DIVAR IP all-in-one 7000 R3

Affected BVMS versions     | Version or patch that fixes the vulnerability
Upgraded from <= 10.1.1.12 | BVMS_AutodeskDesignReview2009_Patch_FixRegKeyRemovalBeforeUninstall.zip

BVMS Download Area

Bosch DIVAR IP 7000 R2

Affected BVMS versions     | Version or patch that fixes the vulnerability
Upgraded from <= 10.1.1.12 | BVMS_AutodeskDesignReview2009_Patch_FixRegKeyRemovalBeforeUninstall.zip

BVMS Download Area

Bosch DIVAR IP all-in-one 5000

Affected BVMS versions     | Version or patch that fixes the vulnerability
Upgraded from <= 10.1.1.12 | BVMS_AutodeskDesignReview2009_Patch_FixRegKeyRemovalBeforeUninstall.zip

BVMS Download Area

Bosch DIVAR IP all-in-one 7000

Affected BVMS versions     | Version or patch that fixes the vulnerability
Upgraded from <= 10.1.1.12 | BVMS_AutodeskDesignReview2009_Patch_FixRegKeyRemovalBeforeUninstall.zip

BVMS Download Area

Material Lists

BVMS

Family Name       | Versions                   | CTN          | SAP#          | Material description
BVMS Professional | 11.1.1, 12.0, 12.0.1, 12.1 | MBV-BPRO     | F.01U.393.647 | License Professional base
BVMS Plus         | 11.1.1, 12.0, 12.0.1, 12.1 | MBV-BPLU     | F.01U.393.650 | License Plus base
BVMS Plus DIP     | 11.1.1, 12.0, 12.0.1, 12.1 | MBV-BPLU-DIP | F.01U.374.503 | License Plus base for DIVAR IP
BVMS Lite         | 11.1.1, 12.0, 12.0.1, 12.1 | MBV-BLIT     | F.01U.393.648 | License Lite base
BVMS Lite DIP     | 11.1.1, 12.0, 12.0.1, 12.1 | MBV-BLIT-DIP | F.01U.358.975 | License Lite base for DIVAR IP
BVMS Viewer       | 11.1.1, 12.0, 12.0.1, 12.1 | MBV-BVWR     | F.01U.393.649 | License Viewer base

Bosch DIVAR IP 7000 R2

Family Name      | CTN             | SAP#          | Material description
DIVAR IP 7000 R2 | DIP-7180-00N    | F.01U.314.520 | DIVAR IP 7000 2U w/o HDD
DIVAR IP 7000 R2 | DIP-7183-4HD    | F.01U.314.521 | DIVAR IP 7000 2U 4x3TB
DIVAR IP 7000 R2 | DIP-7183-8HD    | F.01U.314.522 | DIVAR IP 7000 2U 8x3TB
DIVAR IP 7000 R2 | DIP-7184-4HD    | F.01U.314.523 | DIVAR IP 7000 2U 4x4TB
DIVAR IP 7000 R2 | DIP-7184-8HD    | F.01U.314.524 | DIVAR IP 7000 2U 8x4TB
DIVAR IP 7000 R2 | DIP-71F0-00N    | F.01U.314.525 | DIVAR IP 7000 3U w/o HDD
DIVAR IP 7000 R2 | DIP-71F3-16HD   | F.01U.314.526 | DIVAR IP 7000 3U 16x3TB
DIVAR IP 7000 R2 | DIP-71F4-16HD   | F.01U.314.527 | DIVAR IP 7000 3U 16x4TB
DIVAR IP 7000 R2 | DIP-7186-8HD    | F.01U.329.143 | DIVAR IP 7000 2U 8x6TB
DIVAR IP 7000 R2 | DIP-7188-8HD    | F.01U.329.144 | DIVAR IP 7000 2U 8x8TB
DIVAR IP 7000 R2 | DIP-71F6-16HD   | F.01U.329.145 | DIVAR IP 7000 3U 16x6TB
DIVAR IP 7000 R2 | DIP-71F8-16HD   | F.01U.329.146 | DIVAR IP 7000 3U 16x8TB
DIVAR IP 7000 R2 | DIP-7184-8HD-WAG | F.01U.343.277 | DIVAR IP 7000 2U 8x4TB, WAG Kit

Bosch DIVAR IP all-in-one 5000

Family Name              | CTN            | SAP#          | Material description
DIVAR IP all-in-one 5000 | DIP-5240IG-00N | F.01U.361.821 | Management Appliance w/o HDD
DIVAR IP all-in-one 5000 | DIP-5244IG-4HD | F.01U.362.424 | Management Appliance 4x4TB
DIVAR IP all-in-one 5000 | DIP-5248IG-4HD | F.01U.362.423 | Management Appliance 4x8TB
DIVAR IP all-in-one 5000 | DIP-524CIG-4HD | F.01U.362.422 | Management Appliance 4x12TB
DIVAR IP all-in-one 5000 | DIP-5240GP-00N | F.01U.359.551 | Management Appliance GPU wo HD
DIVAR IP all-in-one 5000 | DIP-5244GP-4HD | F.01U.359.552 | Management Appliance GPU 4x4TB
DIVAR IP all-in-one 5000 | DIP-5248GP-4HD | F.01U.359.553 | Management Appliance GPU 4x8TB
DIVAR IP all-in-one 5000 | DIP-524CGP-4HD | F.01U.359.554 | Management Appliance GPU 4x12TB

Bosch DIVAR IP all-in-one 7000

Family Name              | CTN           | SAP#          | Material description
DIVAR IP all-in-one 7000 | DIP-7280-00N  | F.01U.362.591 | 2U Management Appliance w/o HD
DIVAR IP all-in-one 7000 | DIP-7284-8HD  | F.01U.362.592 | 2U Management Appliance 8x4TB
DIVAR IP all-in-one 7000 | DIP-7288-8HD  | F.01U.362.593 | 2U Management Appliance 8x8TB
DIVAR IP all-in-one 7000 | DIP-728C-8HD  | F.01U.362.594 | 2U Management Appliance 8x12TB
DIVAR IP all-in-one 7000 | DIP-72G0-00N  | F.01U.362.595 | 3U Management Appliance wo HDD
DIVAR IP all-in-one 7000 | DIP-72G8-16HD | F.01U.362.596 | 3U Management Appliance 16x8TB
DIVAR IP all-in-one 7000 | DIP-72GC-16HD | F.01U.362.597 | 3U Management Appliance 16x12T

Bosch DIVAR IP all-in-one 7000 R3

Family Name              | CTN           | SAP#          | Material description
DIVAR IP all-in-one 7000 | DIP-7380-00N  | F.01U.385.539 | Management appliance 2U without HD
DIVAR IP all-in-one 7000 | DIP-7384-8HD  | F.01U.385.540 | Management appliance 2U 8X4TB
DIVAR IP all-in-one 7000 | DIP-7388-8HD  | F.01U.385.541 | Management appliance 2U 8X8 TB
DIVAR IP all-in-one 7000 | DIP-738C-8HD  | F.01U.385.542 | Management appliance 2U 8X12 TB
DIVAR IP all-in-one 7000 | DIP-73G0-00N  | F.01U.385.543 | Management appliance 3U without HD
DIVAR IP all-in-one 7000 | DIP-73G8-16HD | F.01U.385.544 | Management appliance 3U 16X8TB
DIVAR IP all-in-one 7000 | DIP-73GC-16HD | F.01U.385.545 | Management appliance 3U 16X12 TB