Bosch Building Technologies

    Showing results for 
    Search instead for 
    Did you mean: 

    Bosch Security Advisories - PSIRT (Product Security Incident Response Team)

    100% helpful (1/1)

    This article contains the list of Security Advisories (SA) to inform you about identified security vulnerabilities in our product or service and proposed solutions.

    🔔 Subscribe to this article and Stay up to date with the latest published Security Advisories.





    Advisory number


    Affected Products







    Remote Code Execution in RTS VLink Virtual Matrix






    • RTS VLink Virtual Matrix Software






    A security vulnerability has been uncovered in the admin interface of the RTS VLink Virtual Matrix Software. The vulnerability will allow a Remote Code Execution (RCE) attack.

    Versions v5 (< 5.7.6) and v6 (< 6.5.0) of the RTS VLink Virtual Matrix Software are affected by this vulnerability. Older versions are not affected.

    The vulnerability has been uncovered and disclosed responsibly by an external team of researchers.





    Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch




    • Bosch PRA-ES8P2S < 1.01.10




    Multiple vulnerabilities were found in the PRA-ES8P2S Ethernet-Switch. Customers are advised to upgrade to version 1.01.10 since it solves all vulnerabilities listed.

    Customers are advised to isolate the switch from the Internet if upgrading is not possible.

    The PRA-ES8P2S switch contains technology from the Advantech EKI-7710G series switches.













    Update in Cybersecurity Guidebook of BIS on Permission Settings for Network Share











    • Bosch BIS













    In a recent survey of BIS installations worldwide Bosch identified that for some installations the security settings may not meet our recommended security standards. For this reason, we have updated our "Cybersecurity Guidebook".

    Section 4.5 of the Cybersecurity Guidebook describes how to configure access permissions for a shared folder of the BIS installation. In an older version of the Cybersecurity Guidebook, one of the recommended access permissions is wrongly stated as "Network" group instead of "Network Service" group. This information is updated in the new version of the documentation, because executing the earlier instructions may unintentionally grant access permission to potentially unauthorized users.

    This is not a software bug, just an update of the documentation targeted at installers. This document is included in BIS installation folder since version BIS 5.0. Previous BIS version do not contain the document, but validating the security setting is generally advised.





    Information Disclosure Vulnerability in Bosch IP cameras




    • Bosch Camera Firmware





    An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information about the device itself (like capabilities) and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.

    This vulnerability was discovered by Souvik Kandar and Arko Dhar from Redinent Innovations, India




    Possible damage of secure element in Bosch IP cameras



    • Bosch Camera Firmware



    Due to an error in the software interface to the secure element chip on the cameras, the chip can be permanently damaged leading to an unusable camera when enabling the Stream security option (signing of the video stream) on Bosch CPP13 and CPP14 cameras. The default setting for this option is "off".












    .NET Remote Code Execution Vulnerability in BVMS, BIS and AMS











    • Bosch AMS
    • Bosch BIS
    • Bosch BVMS
    • Bosch BVMS Viewer
    • Bosch DIVAR IP 7000 R2
    • Bosch DIVAR IP all-in-one 5000
    • Bosch DIVAR • IP all-in-one 7000
    • Bosch DIVAR IP all-in-one 7000 R3
    • Bosch DIVAR IP all-in-one 4000
    • Bosch DIVAR IP all-in-one 6000

    The Bosch Video Management System (BVMS), the Bosch Access Management System (AMS), and the Bosch Building Integration System (BIS) are using a vulnerable version of the Microsoft .NET package System.Text.Encodings.Web.

    The System.Text.Encodings.Web is a NuGet package from Microsoft, and Microsoft has published an advisory to provide information about a vulnerability in System.Text.Encodings.Web.

    A remote code execution vulnerability exists in System.Text.Encodings.Web due to how text encoding is performed.









    Vulnerability in Wiegand card data interpretation



    • Bosch AMS
    • Bosch BIS




    Bosch Access Control products AMC2-4WCF and AMC2-2WCF have a firmware bug which may lead to misinterpretation of access card data that is sent from a Wiegand reader. This may in turn lead to granting physical access to an unauthorized person. This vulnerability affects only products with Wiegand interface, i.e., not devices with OSDP / RS485 interface.













    Unrestricted SSH port forwarding in BVMS













    • Bosch BVMS
    • Bosch BVMS Viewer
    • Bosch DIVAR IP 3000
    • Bosch DIVAR IP 7000 R1
    • Bosch DIVAR IP 7000 R2
    • Bosch DIVAR IP all-in-one 5000
    • Bosch DIVAR IP all-in-one 7000
    • Bosch DIVAR IP all-in-one 7000 R3
    • Bosch DIVAR IP all-in-one 4000
    • Bosch DIVAR IP all-in-one 6000

    The Bosch Video Management System is using SSH server that does not restrict a port forwarding requested by an authenticated SSH client. An authenticated SSH client can request a connection which is forwarded by the BVMS SSH server to a resource within the trusted internal network, which is normally protected from the WAN interface. The resource can be beyond the scope of the Bosch Video Management System.
















    Insecure authentication in B420 legacy communication module







    • Bosch B420









    An authentication vulnerability was found in the B420 Ethernet communication module from Bosch Security Systems. This is a legacy product which is currently obsolete and was announced to reach End on Life (EoL) on 2013.  The B420 was last sold in July 2013 and was replaced by the B426. An EoL notice was provided to customers.

    The B420 does not allow for direct access to the panel as this module does not allow direct connection to the SDI/Option Bus that communicates directly with the panel. __ However, customers that are still using this device are advised to replace it for the B426 to ensure it is connected in a secure network.

    *CVSS - Common Vulnerability Scoring System


    info.png Another option to get notifications when a new Security Advisory is published is to subscribe to the RSS Feed directly on the Bosch PSIRT Security Advisories website.

    See below how you can do that:

    1. Access the Bosch PSIRT Security Advisories website

    2. Scroll down to the RSS Feeds section on the page > right click on the Security Advisories Category you want to receive notifications for > copy the link address:



    3. Go in Outlook and search for "RSS Subscriptions" option > right click on it > select "Add a New RSS Feed"



    4. Paste the link you just copied before from the Bosch PSIRT Security Advisories website > click Add



    5. Click Yes



    6. Now, you will be notified every time when a new Security Advisory is published.

    Once the RSS Feed is added to your Outlook, you will see the latest Security Advisories. You also have the option to add this folder to Favorites.