Bosch Building Technologies

    cancel
    Showing results for 
    Search instead for 
    Did you mean: 

    Who rated this article

    BVMS - compatibility with security enhanced camera firmware versions (FW 7.87/ 8.90/ 9.00 or later)

    Rate this article:
    100% helpful (1/1)

    Possible causes and solution(s)

     

    • Symptoms

     

    Maintaining the highest level of data security requires continuous improvements in all the system components - including software and device firmware. Recent changes in the camera firmware are focused on improving the security level overall.

    However, it might cause some troubles when such cameras are connected to the previous BVMS releases. The potential symptoms are:

    • no possibility to add the camera to BVMS
    • no communication with the camera with unsecure connection (using HTTP or RCP+)
    • no communication with the camera using secured, HTTPS connection

    Those symptoms might be caused by various changes in the firmware, explained below.

     

    • Causes

     

    1) Legacy RCP+ commands received a higher authentication level in the camera firmware

     

    Within the camera firmware changes were implemented, so that legacy RCP+ commands received a higher authentication level to further reduce the attack surface and improve security by default. Those changes might make it impossible to add a new camera to the BVMS.

    Changes introduced with:

    Platform
    Firmware version
    CPP6 / CPP7 / CPP7.3 7.87.0029
    CPP13 8.90.0037
    CPP14 9.00.0210

     

    2) Unsecured ports and services disabled in the camera

     

    As best practice to reduce potential attack surfaces and limit the exposure of sensitive services the following ports are disabled in the camera by default:
    RCP+: CONF_RCP_SERVER_PORT 
    HTTP: CONF_LOCAL_HTTP_PORT 
    RTSP: CONF_RTSP_PORT 
    iSCSI: CONF_ISCSI_PORT

    Closed RCP+ port in the camera might not allow adding this camera to the BVMS, as it was used in the earlier versions

    If camera is added to the system with Secured connection option disabled in the BVMS configuration (so it's using unsecured ports for the communication),

    Changes introduced with:

    Platform
    Firmware version
    Comments
    CPP6 / CPP7 / CPP7.3 - Changes considered in the future firmware released - to be determined later
    CPP13 8.90.0037 iSCSI - closed* (see below)
    RCP+ - closed
    HTTP - closed
    RTSP - closed

    CPP14.1

    CPP14.2

    CPP14.3

    9.00.0210 iSCSI - closed* (see below)
    RCP+ - open
    HTTP - open
    RTSP - open
    CPP14.3 9.00.0190

    iSCSI - closed* (see below)
    RCP+ - closed
    HTTP - closed
    RTSP - closed

    Important note: Intermediate fw version, replaced by 9.00.0210 - see the row above.

    *An unsecured connection is required for local storage replay, such as e.g. SD card, ANR. Communication over the RCP+ and iSCSI port is required in such a scenario. While communicating to the device on a secure connection, these ports can be re-enabled. A reboot of the device is required after re-enabling these ports, and then one can switch back to using an unsecure connection.

    Central_Support_0-1702476466002.png

     

    3) New firmware libraries with the limited backwards compatibility

     

    The new libraries in the firmware, used for secured (HTTPS) communication are not compatible anymore with BVMS 11.1.1 or older. As a result, if secured communication is configured, camera will not function properly in BVMS anymore.

    Changes introduced in:

    Platform
    Firmware version
    Comments
    CPP6 / CPP7 / CPP7.3 -  
    CPP13 -  
    CPP14 9.00.0210  
     

    • Solution

     

    Please find the overview of applicable BVMS patches for supported BVMS versions

    Platform Firmware version BVMS 11.1.1 BVMS 12.0.1 BVMS 12.1 Resolved compatibility challenge
    Fix / patch Fix / patch Fix / patch
    CPP6 / CPP7 / CPP7.3 7.87.0029 BVMS111165 Patch CantAddCamSpecFW 424238 Included - no additional patch required Included - no additional patch required 1) Legacy RCP+ commands
    CPP13 8.90.0037 BVMS111165 Patch CantAddCamSpecFW 424238 Included - no additional patch required Included - no additional patch required 1) Legacy RCP+ commands
    Please consider workaround as described HERE BVMS1201375 Patch FW8_90 Cap 429121,418648,425002 Included - no additional patch required 2) Unsecured ports closed in the camera
    CPP14 9.00.0210 BVMS111165 Patch CantAddCamSpecFW 424238 Included - no additional patch required Included - no additional patch required 1) Legacy RCP+ commands
    Please update the fw to 9.00.0210 BVMS1201375 Patch FW8_90 Cap 429121,418648,425002 Included - no additional patch required 2) Unsecured ports closed in the camera
    BVMS111165 Patch FW90improve 434923,428521 Included - no additional patch required Included - no additional patch required 3) Libraries compatibility (for the secured connection)

     

    BVMS 11.0 or previous versions

     

    Since the mentioned FW versions were released more than 2 years after BVMS 11.0 release, compatibility cannot be guaranteed. In order to use the latest camera FW versions with BVMS, please consider upgrading BVMS to one of the versions mentioned above.

    Version history
    Last update:
    ‎12-13-2023 03:15 PM
    Updated by:
    Labels (4)
    Contributors
    Who rated this article
    Icon--AD-black-48x48Icon--address-consumer-data-black-48x48Icon--appointment-black-48x48Icon--back-left-black-48x48Icon--calendar-black-48x48Icon--center-alignedIcon--Checkbox-checkIcon--clock-black-48x48Icon--close-black-48x48Icon--compare-black-48x48Icon--confirmation-black-48x48Icon--dealer-details-black-48x48Icon--delete-black-48x48Icon--delivery-black-48x48Icon--down-black-48x48Icon--download-black-48x48Ic-OverlayAlertIcon--externallink-black-48x48Icon-Filledforward-right_adjustedIcon--grid-view-black-48x48IC_gd_Check-Circle170821_Icons_Community170823_Bosch_Icons170823_Bosch_Icons170821_Icons_CommunityIC-logout170821_Icons_Community170825_Bosch_Icons170821_Icons_CommunityIC-shopping-cart2170821_Icons_CommunityIC-upIC_UserIcon--imageIcon--info-i-black-48x48Icon--left-alignedIcon--Less-minimize-black-48x48Icon-FilledIcon--List-Check-grennIcon--List-Check-blackIcon--List-Cross-blackIcon--list-view-mobile-black-48x48Icon--list-view-black-48x48Icon--More-Maximize-black-48x48Icon--my-product-black-48x48Icon--newsletter-black-48x48Icon--payment-black-48x48Icon--print-black-48x48Icon--promotion-black-48x48Icon--registration-black-48x48Icon--Reset-black-48x48Icon--right-alignedshare-circle1Icon--share-black-48x48Icon--shopping-bag-black-48x48Icon-shopping-cartIcon--start-play-black-48x48Icon--store-locator-black-48x48Ic-OverlayAlertIcon--summary-black-48x48tumblrIcon-FilledvineIc-OverlayAlertwhishlist