Skip to main

Multiple Cross Site Scripting vulnerabilities in Bosch VIDEOJET multi 4000

BOSCH-SA-454166-BT

Advisory Information

Summary

The possibility for a reflected Cross Site Scripting (XSS) and stored Cross Site Scripting (XSS) attack was discovered in the Bosch VIDEOJET multi 4000.

For more details please see the description of the vulnerability in this advisory.

Bosch rates this vulnerability with CVSSv3.1 base score 5.8 (medium) and 5.1 (medium), where the final rating depends on the customer’s environment.

Customers are advised to follow listed mitigations until an update is available.

Affected Products

  • Bosch VIDEOJET multi 4000 <= 6.31.0010

Solution and Mitigations

Secure Configuration Environment

It is advised to use a Bosch tool like the Configuration Manager to configure the encoder, that is not vulnerable to issues like XSS (Cross Site Scripting) or CSRF (Cross Site Request Forgery).

When using the web based configuration interface and currently being logged in as an administrator, some security precautions can be taken to mitigate XSS or CSRF vulnerabilities:

  • No other websites or email content should be opened as long as the session to the encoder is active.

  • No links should be clicked from an untrusted external source that link back to the encoder.

  • Use a different browser than the system default browser to open a session to the encoder as there is no XSS or CSRF between browsers.

  • Always log out and/or close the browser (not only the tab) to clear any session data.

Secure Administration

A stored XSS attack is only possible when an user with administrative rights is able to save malicious JavaScript code on the device. Only trusted users should have access to the administrative interface and common security rules for administrative credentials should be followed (e.g. using strong, unique passwords).

Vulnerability Details

CVE-2022-40183

CVE description: An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user.

CVE-2022-40184

CVE description: Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option.

Remarks

Security Update Information

With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:

It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.

Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.

CVSS Scoring

Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com .

Revision History

  • 19 Oct 2022: Initial Publication

Appendix

Affected Products

Bosch VIDEOJET multi 4000

Affected VIDEOJET multi 4000 firmware Name of version to fix the vulnerability
6.31.0010 and earlier

VIDEOJET multi Download Area

Material Lists

VIDEOJET multi 4000

Family Name CTN SAP# Material description
VIDEOJET multi 4000
VJM-4016
F.01U.298.670
VIDEOJET multi 4000
VIDEOJET multi 4000 EU
VJM-4016-EU
F.01U.296.122
VIDEOJET multi 4000 EU
VIDEOJET multi 4000 US
VJM-4016-US
F.01U.298.556
VIDEOJET multi 4000 US