Improper Access Control in Access Professional Edition 3.7 downwards (CVE-2019-11899)
- Advisory ID: BOSCH-SA-844044-BT
CVE Numbers and Scores:
- Base Score: 8.8 (High)
- Published: 11 Sep 2019
- Last Updated: 11 Sep 2019
A recently discovered security vulnerability affects Access Professional Edition (APE) installations of versions 3.7 and downwards.
The vulnerability enables unauthorized access to sensitive data of the APE system. In cases where a software update is not possible, a reduction in the system’s network exposure is advised. Internet-accessible installations should be firewalled, whilst additional steps like network isolation by VLAN, IP filtering features of the devices and other technologies should be used to decrease the exposure of vulnerable systems. In addition, the SMB service should be properly configured to Microsoft’s latest security recommendations.
The vulnerability was discovered and disclosed to Bosch in a coordinated manner by the external researcher, Oleksii Orekhov.
Affected product: Bosch Access Professional Edition <= 3.7
Solution and Mitigations
The recommended approach is to update the software to a fixed version as soon as possible. Until a fixed software version is installed, the mitigation approaches described below (firewalling and IP filtering) can be used. A fixed APE version is available on the Bosch Product Catalog.
We advise a reduction of the network exposure of the system. Systems that are accessible via the internet should be firewalled. The SMB service in Microsoft Windows should be properly configured according to Microsoft's latest security recommendations.
Additional measures such as network isolation via VLAN, the IP filtering features of the systems, and supplementary technology are strongly advised.
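As an added illustration of the interim mitigations above (this is example code, not part of the Bosch advisory), the following PowerShell audits the SMB server settings of a Windows host in an APE deployment, applies the SMBv1 and signing hardening Microsoft recommends, and limits inbound SMB (TCP 445) to a named list of peers. The client addresses and the rule name are assumptions for a particular site and must be replaced with the real values.

```powershell
# Added example, not from the Bosch advisory. Run elevated on the Windows host
# that serves APE data over SMB. The values below are placeholders.
$ApeClientAddresses = @('192.0.2.10', '192.0.2.11')   # assumed APE client IPs (TEST-NET-1 placeholders)
$RuleName = 'APE-SMB-ClientsOnly'                      # hypothetical firewall rule name

# 1. Audit: report the SMB server settings relevant to this mitigation.
$smb = Get-SmbServerConfiguration
[pscustomobject]@{
    SMB1Enabled     = $smb.EnableSMB1Protocol
    SigningRequired = $smb.RequireSecuritySignature
    EncryptData     = $smb.EncryptData
} | Format-List

# 2. Harden: disable SMBv1 and require SMB signing (Microsoft baseline guidance).
if ($smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
if (-not $smb.RequireSecuritySignature) {
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
}

# 3. IP filtering: Windows Firewall evaluates Block rules before Allow rules, so
#    instead of adding a broad block we disable every other inbound Allow rule
#    for port 445 and keep a single Allow rule scoped to the APE peers. The
#    profile default inbound action (normally Block) then drops everything else.
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -eq 445 } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName } |
    Disable-NetFirewallRule

Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP -LocalPort 445 `
    -RemoteAddress $ApeClientAddresses -Action Allow -Profile Any | Out-Null

# 4. Confirm the profile defaults actually drop unmatched inbound traffic.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table
```

The allow list must cover every host that legitimately reaches the APE share over SMB, so verify client connectivity in a maintenance window before relying on this as the only interim control.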
The vulnerability can be used to achieve unauthorized access to sensitive data of the APE system. This could enable a potential attacker to gain unauthorized access to the site. A necessary prerequisite for this attack is access to the network of the APE server.
CVE description: An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting the Windows SMB protocol on a client installation. With APE 3.8, client installations need to be authorized by the APE administrator.
- Problem Type:
CVSS Vector String:
- CVSS 3.0 Base Score: 8.8 (High)
Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.
- Software updates: Bosch Product Catalog - APE
- Microsoft: SMB security enhancements
- Bosch Building Technologies Security Advisory page
- (pdf) Secure Operation Concept
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: firstname.lastname@example.org.
11 Sep 2019: Initial Publication