Bosch Building Technologies

    cancel
    Showing results for 
    Search instead for 
    Did you mean: 

    Bosch Security Advisories - PSIRT (Product Security Incident Response Team)

    100% helpful (1/1)

    This article contains the list of Security Advisories (SA) to inform you about identified security vulnerabilities in our product or service and proposed solutions.

    🔔 Subscribe to this article and Stay up to date with the latest published Security Advisories.

    Central_Support_1-1692796093871.png

     

    2024

     

    Advisory number

    Title

    Affected Products

    Summary

    BOSCH-SA-162032-BT

    Publication
    Date: 
    2024-10-16

     

     

     

     

     

     

     

     

    Unrestricted resource consumption in BVMS

     

     

     

     

     

     

     

     

     

     

    • Bosch BVMS
    • Bosch BVMS Viewer
    • Bosch Bosch DIVAR IP 7000 R2
    • Bosch Bosch DIVAR IP all-in-one 5000
    • Bosch Bosch DIVAR IP all-in-one 7000
    • Bosch Bosch DIVAR IP all-in-one 7000 R3
    • Bosch DIVAR IP all-in-one 4000
    • Bosch DIVAR IP all-in-one 6000

    A vulnerability has been identified in the Bosch VMS Central Server concerning unrestricted resource consumption, leading to excessive use of disk space. The uncontrolled resource consumption can lead to a significant impact on the availability and performance of the affected system. This can result in the inability to store new data, process incoming requests, and perform essential system functions. In severe cases, it may lead to system crashes and data loss.

     

     

     

     

     

    BOSCH-SA-981803-BT

    Publication
    Date: 
    2024-10-01

    Sensitive information disclosure in Bosch Configuration Manager

    Bosch Bosch Configuration Manager

    A vulnerability was discovered during internal testing of the Bosch Configuration Manager, which may temporarily store sensitive information of the configured system.

    BOSCH-SA-659648-BT

    Publication
    Date: 
    2024-08-21

    Unauthenticated information leak in Bosch IP cameras

    Bosch Camera Firmware

    A vulnerability was discovered in internal testing of Bosch IP cameras of families CPP13 and CPP14, that allows an unauthenticated attacker to retrieve video analytics event data. No video data is leaked through this vulnerability.

    BOSCH-SA-587194-BT

    Publication
    Date: 
    2024-08-07

     

     

     

     

     

     

     

     

     

     

     

    Multiple Curl vulnerabilities in the Git for Windows component of Bosch DIVAR IP all-in-one Devices

     

     

     

     

     

     

     

     

     

     

     

    • Bosch DIVAR IP all-in-one 4000 (DIP-44xx)
    • Bosch DIVAR IP all-in-one 6000 (DIP-64xx)
    • Bosch DIVAR IP all-in-one 7000 (DIP-74xx)
    • Bosch DIVAR IP all-in-one 7000 R3 (DIP-73xx)
    • Bosch DIVAR IP all-in-one 7000 (DIP-72xx)
    • Bosch DIVAR IP all-in-one 5000 (DIP-52xx)

    DIVAR IP System Manager is a central user interface that provides an easy system setup, configuration and application software upgrades through an easily accessible web-based application.

     

    Multiple Curl vulnerabilities in the Git for Windows component have been discovered in DIVAR IP System Manager versions prior to 2.3.2, affecting several Bosch DIVAR IP all-in-one models.

     

     

     

     

     

     

     

    BOSCH-SA-246962-BT

    Publication
    Date: 
    2024-03-13

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    BVMS affected by Autodesk Design Review Multiple Vulnerabilities

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    • Bosch BVMS
    • Bosch BVMS Viewer
    • Bosch Bosch DIVAR IP 7000 R2
    • Bosch Bosch DIVAR IP all-in-one 5000
    • Bosch Bosch DIVAR IP all-in-one 7000
    • Bosch Bosch DIVAR IP all-in-one 7000 R3

     

     

     

     

     

     

     

    BVMS was using Autodesk Design Review for showing 2D/3D files. Autodesk has published multiple vulnerabilities which when successfully exploited could lead to the execution of arbitrary code.

    Starting from BVMS version 11.0, the Autodesk Design Review is not used anymore in BVMS, but the BVMS setup does not uninstall the Autodesk Design Review during a BVMS upgrade. This means only BVMS systems are affected which have versions <= 10.1.1.12 or were upgraded from BVMS Version <= 10.1.1.12 to a higher version.

    • Bosch does not provide any patches for BVMS <= 10.1.1.12

    • For BVMS systems upgraded from any BVMS version <= 10.1.1.12 Bosch advises to mitigate the vulnerability.

    • Fresh BVMS installations starting from BVMS 11.0 are not affected

    Before removing Autodesk Design Review v 9.1.0.127 make sure that it is not used by any other software installed on that machine.

    How to check if the system is affected:

    1. In the Search bar, search for "add remove" and select "Add remove programs".

    2. Check whether Autodesk Design Review v 9.1.0.127 is installed.

    BOSCH-SA-090577-BT

    Publication
    Date: 
    2024-03-06

     

     

     

     

     

     

     

     

     

     

    Multiple OpenSSL vulnerabilities in BVMS

     

     

     

     

     

     

     

     

     

     

     

    • Bosch BVMS
    • Bosch BVMS Viewer
    • Bosch DIVAR IP 7000 R2
    • Bosch DIVAR IP all-in-one 5000
    • Bosch DIVAR IP all-in-one 7000
    • Bosch DIVAR IP all-in-one 7000 R3
    • Bosch DIVAR IP all-in-one 4000
    • Bosch DIVAR IP all-in-one 6000

    BVMS is using a Device Adapter service for communication with Tattile cameras which is also active when no Tattile cameras are added in the BVMS installation. This service uses an OpenSSL library, which has multiple vulnerabilities as published by OpenSSL. When successfully exploited, these vulnerabilities could lead to command injection or denial of service.

     

     

     

     

     

     

     

     

    BOSCH-SA-637386-BT

    Publication
    Date: 
    2024-03-06

     

     

     

     

     

     

     

     

     

     

     

    Git for Windows Multiple Security Vulnerabilities in Bosch DIVAR IP all-in-one Devices

     

     

     

     

     

     

     

     

     

     

     

    • Bosch Bosch DIVAR IP all-in-one 4000 (DIP-44xx)
    • Bosch Bosch DIVAR IP all-in-one 5000 (DIP-52xx)
    • Bosch Bosch DIVAR IP all-in-one 6000 (DIP-64xx)
    • Bosch Bosch DIVAR IP all-in-one 7000 (DIP-72xx)
    • Bosch Bosch DIVAR IP all-in-one 7000 R3 (DIP-73xx)

    DIVAR IP System Manager is a central user interface that provides an easy system setup, configuration and application software upgrades through an easily accessible web-based application.
    Multiple Git for Windows vulnerabilities have been discovered in DIVAR IP System Manager versions prior to 2.3.0, affecting several Bosch DIVAR IP all-in-one models.

     

     

     

     

     

     

     

     

     

     

    2023

     

    Advisory number

    Title

    Affected Products

    Summary

    BOSCH-SA-638184-BT

    Publication
    Date: 
    2023-12-13

     

    Command injection vulnerability in Bosch IP Cameras

    • Bosch Camera Firmware

     

    A vulnerability was discovered in Bosch IP cameras of families CPP13 and CPP14, that allows an authenticated user with administrative rights to execute arbitrary commands in the operating system of the camera.

    BOSCH-SA-092656-BT

    Publication
    Date: 
    2023-12-13

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    Denial of Service vulnerability in Bosch BT software products

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    • Bosch BIS Video Engine
    • Bosch BVMS
    • Bosch BVMS Viewer
    • Bosch Configuration Manager
    • Bosch DIVAR IP 7000 R2
    • Bosch DIVAR IP all-in-one 4000
    • Bosch DIVAR IP all-in-one 5000
    • Bosch DIVAR IP all-in-one 6000
    • Bosch DIVAR IP all-in-one 7000
    • Bosch DIVAR IP all-in-one 7000 R3
    • Bosch Intelligent Insights
    • Bosch Monitorwall
    • Bosch ONVIF Camera Event Driver Tool
    • Bosch Project Assistant
    • Bosch VJD-7513
    • Bosch VJD-7523
    • Bosch Video Recording Manager
    • Bosch Video Security Client
    • Bosch Video Streaming Gateway

    A security vulnerability discovered in Bosch internal tests allows an unauthenticated attacker to interrupt normal functions and cause a Denial of Service / DoS.

    Bosch rates this vulnerability with a CVSSv3.1 base scores of 7.5 (High) for products using the vulnerable function as a server and 5.9 (medium) for products using the vulnerable function as a client, where the actual rating depends on the individual vulnerability and the final rating on the customer’s environment.

    Customers are strongly advised to update to the fixed versions.

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    BOSCH-SA-893251-BT

     

     

     

    Remote Code Execution in RTS VLink Virtual Matrix

     

     

     

     

     

    • RTS VLink Virtual Matrix Software

     

     

     

     

     

    A security vulnerability has been uncovered in the admin interface of the RTS VLink Virtual Matrix Software. The vulnerability will allow a Remote Code Execution (RCE) attack.

    Versions v5 (< 5.7.6) and v6 (< 6.5.0) of the RTS VLink Virtual Matrix Software are affected by this vulnerability. Older versions are not affected.

    The vulnerability has been uncovered and disclosed responsibly by an external team of researchers.

    BOSCH-SA-247054-BT

     

     

     

    Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch

     

     

     

    • Bosch PRA-ES8P2S < 1.01.10

     

     

     

    Multiple vulnerabilities were found in the PRA-ES8P2S Ethernet-Switch. Customers are advised to upgrade to version 1.01.10 since it solves all vulnerabilities listed.

    Customers are advised to isolate the switch from the Internet if upgrading is not possible.

    The PRA-ES8P2S switch contains technology from the Advantech EKI-7710G series switches.

    BOSCH-SA-988400-BT

     

     

     

     

     

     

     

     

     

     

     

    Update in Cybersecurity Guidebook of BIS on Permission Settings for Network Share

     

     

     

     

     

     

     

     

     

     

    • Bosch BIS

     

     

     

     

     

     

     

     

     

     

     

     

    In a recent survey of BIS installations worldwide Bosch identified that for some installations the security settings may not meet our recommended security standards. For this reason, we have updated our "Cybersecurity Guidebook".

    Section 4.5 of the Cybersecurity Guidebook describes how to configure access permissions for a shared folder of the BIS installation. In an older version of the Cybersecurity Guidebook, one of the recommended access permissions is wrongly stated as "Network" group instead of "Network Service" group. This information is updated in the new version of the documentation, because executing the earlier instructions may unintentionally grant access permission to potentially unauthorized users.

    This is not a software bug, just an update of the documentation targeted at installers. This document is included in BIS installation folder since version BIS 5.0. Previous BIS version do not contain the document, but validating the security setting is generally advised.

    BOSCH-SA-839739-BT

     

     

     

    Information Disclosure Vulnerability in Bosch IP cameras

     

     

     

    • Bosch Camera Firmware

     

     

     

     

    An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information about the device itself (like capabilities) and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.

    This vulnerability was discovered by Souvik Kandar and Arko Dhar from Redinent Innovations, India

    BOSCH-SA-435698-BT

     

     

    Possible damage of secure element in Bosch IP cameras

     

     

    • Bosch Camera Firmware

     

     

    Due to an error in the software interface to the secure element chip on the cameras, the chip can be permanently damaged leading to an unusable camera when enabling the Stream security option (signing of the video stream) on Bosch CPP13 and CPP14 cameras. The default setting for this option is "off".

    BOSCH-SA-110112-BT

     

     

     

     

     

     

     

     

     

     

    .NET Remote Code Execution Vulnerability in BVMS, BIS and AMS

     

     

     

     

     

     

     

     

     

     

    • Bosch AMS
    • Bosch BIS
    • Bosch BVMS
    • Bosch BVMS Viewer
    • Bosch DIVAR IP 7000 R2
    • Bosch DIVAR IP all-in-one 5000
    • Bosch DIVAR • IP all-in-one 7000
    • Bosch DIVAR IP all-in-one 7000 R3
    • Bosch DIVAR IP all-in-one 4000
    • Bosch DIVAR IP all-in-one 6000

    The Bosch Video Management System (BVMS), the Bosch Access Management System (AMS), and the Bosch Building Integration System (BIS) are using a vulnerable version of the Microsoft .NET package System.Text.Encodings.Web.

    The System.Text.Encodings.Web is a NuGet package from Microsoft, and Microsoft has published an advisory to provide information about a vulnerability in System.Text.Encodings.Web.

    A remote code execution vulnerability exists in System.Text.Encodings.Web due to how text encoding is performed.

     

     

     

     

     

    BOSCH-SA-391095

     

     

    Vulnerability in Wiegand card data interpretation

     

     

    • Bosch AMS
    • Bosch BIS

     

     

     

    Bosch Access Control products AMC2-4WCF and AMC2-2WCF have a firmware bug which may lead to misinterpretation of access card data that is sent from a Wiegand reader. This may in turn lead to granting physical access to an unauthorized person. This vulnerability affects only products with Wiegand interface, i.e., not devices with OSDP / RS485 interface.

    BOSCH-SA-025794-BT

     

     

     

     

     

     

     

     

     

     

     

    Unrestricted SSH port forwarding in BVMS

     

     

     

     

     

     

     

     

     

     

     

     

    • Bosch BVMS
    • Bosch BVMS Viewer
    • Bosch DIVAR IP 3000
    • Bosch DIVAR IP 7000 R1
    • Bosch DIVAR IP 7000 R2
    • Bosch DIVAR IP all-in-one 5000
    • Bosch DIVAR IP all-in-one 7000
    • Bosch DIVAR IP all-in-one 7000 R3
    • Bosch DIVAR IP all-in-one 4000
    • Bosch DIVAR IP all-in-one 6000

    The Bosch Video Management System is using SSH server that does not restrict a port forwarding requested by an authenticated SSH client. An authenticated SSH client can request a connection which is forwarded by the BVMS SSH server to a resource within the trusted internal network, which is normally protected from the WAN interface. The resource can be beyond the scope of the Bosch Video Management System.

     

     

     

     

     

     

     

     

    BOSCH-SA-341298-BT

     

     

     

     

     

     

    Insecure authentication in B420 legacy communication module

     

     

     

     

     

     

    • Bosch B420

     

     

     

     

     

     

     

     

    An authentication vulnerability was found in the B420 Ethernet communication module from Bosch Security Systems. This is a legacy product which is currently obsolete and was announced to reach End on Life (EoL) on 2013.  The B420 was last sold in July 2013 and was replaced by the B426. An EoL notice was provided to customers.

    The B420 does not allow for direct access to the panel as this module does not allow direct connection to the SDI/Option Bus that communicates directly with the panel. __ However, customers that are still using this device are advised to replace it for the B426 to ensure it is connected in a secure network.

    *CVSS - Common Vulnerability Scoring System

     

    info.png Another option to get notifications when a new Security Advisory is published is to subscribe to the RSS Feed directly on the Bosch PSIRT Security Advisories website.

    See below how you can do that:

    1. Access the Bosch PSIRT Security Advisories website

    2. Scroll down to the RSS Feeds section on the page > right click on the Security Advisories Category you want to receive notifications for > copy the link address:

    Central_Support_0-1700576278720.png

     

    3. Go in Outlook and search for "RSS Subscriptions" option > right click on it > select "Add a New RSS Feed"

    Central_Support_1-1700576309972.png

     

    4. Paste the link you just copied before from the Bosch PSIRT Security Advisories website > click Add

    Central_Support_2-1700576337106.png

     

    5. Click Yes

    Central_Support_3-1700576362903.png

     

    6. Now, you will be notified every time when a new Security Advisory is published.

    Once the RSS Feed is added to your Outlook, you will see the latest Security Advisories. You also have the option to add this folder to Favorites.

    Central_Support_4-1700576405758.png
     

    youtube.png Or follow the steps from this video about:

    Icon--AD-black-48x48Icon--address-consumer-data-black-48x48Icon--appointment-black-48x48Icon--back-left-black-48x48Icon--calendar-black-48x48Icon--center-alignedIcon--Checkbox-checkIcon--clock-black-48x48Icon--close-black-48x48Icon--compare-black-48x48Icon--confirmation-black-48x48Icon--dealer-details-black-48x48Icon--delete-black-48x48Icon--delivery-black-48x48Icon--down-black-48x48Icon--download-black-48x48Ic-OverlayAlertIcon--externallink-black-48x48Icon-Filledforward-right_adjustedIcon--grid-view-black-48x48IC_gd_Check-Circle170821_Icons_Community170823_Bosch_Icons170823_Bosch_Icons170821_Icons_CommunityIC-logout170821_Icons_Community170825_Bosch_Icons170821_Icons_CommunityIC-shopping-cart2170821_Icons_CommunityIC-upIC_UserIcon--imageIcon--info-i-black-48x48Icon--left-alignedIcon--Less-minimize-black-48x48Icon-FilledIcon--List-Check-grennIcon--List-Check-blackIcon--List-Cross-blackIcon--list-view-mobile-black-48x48Icon--list-view-black-48x48Icon--More-Maximize-black-48x48Icon--my-product-black-48x48Icon--newsletter-black-48x48Icon--payment-black-48x48Icon--print-black-48x48Icon--promotion-black-48x48Icon--registration-black-48x48Icon--Reset-black-48x48Icon--right-alignedshare-circle1Icon--share-black-48x48Icon--shopping-bag-black-48x48Icon-shopping-cartIcon--start-play-black-48x48Icon--store-locator-black-48x48Ic-OverlayAlertIcon--summary-black-48x48tumblrIcon-FilledvineIc-OverlayAlertwhishlist