October 2024
Title
DoS vulnerability on IndraDrive
Published
Oct. 31, 2024, 1 a.m.
Summary

BOSCH-SA-315415: A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.

Title
Unrestricted resource consumption in BVMS
Published
Oct. 16, 2024, 2 a.m.
Summary

BOSCH-SA-162032-BT: A vulnerability has been identified in the Bosch VMS Central Server concerning unrestricted resource consumption, leading to excessive use of disk space. The uncontrolled resource consumption can lead to a significant impact on the availability and performance of the affected system. This can result in the inability to store ...

Title
Multiple vulnerabilites in libexpat affecting PRC7000
Published
Oct. 2, 2024, 2 a.m.
Summary

BOSCH-SA-200802: Multiple vulnerabilities were discovered in the open source library \"libexpat\", affecting the XML parser functionality. These vulnerabilities allow for integer overflows and invalid negative values for buffer sizes. As this may affect the \"Import\" and \"Restore\" functionality - which use libexpat to parse XML files - of the device, ...

Title
Sensitive information disclosure in Bosch Configuration Manager
Published
Oct. 1, 2024, 2 a.m.
Summary

BOSCH-SA-981803-BT: A vulnerability was discovered during internal testing of the Bosch Configuration Manager, which may temporarily store sensitive information of the configured system.

August 2024
Title
Unauthenticated information leak in Bosch IP cameras
Published
Aug. 21, 2024, 2 a.m.
Summary

BOSCH-SA-659648: A vulnerability was discovered in internal testing of Bosch IP cameras of families CPP13 and CPP14, that allows an unauthenticated attacker to retrieve video analytics event data. No video data is leaked through this vulnerability.

Title
Multiple Curl vulnerabilities in the Git for Windows component of Bosch DIVAR IP all-in-one Devices
Published
Aug. 7, 2024, 2 a.m.
Summary

BOSCH-SA-587194-BT: DIVAR IP System Manager is a central user interface that provides an easy system setup, configuration and application software upgrades through an easily accessible web-based application. Multiple Curl vulnerabilities in the Git for Windows component have been discovered in DIVAR IP System Manager versions prior to 2.3.2, affecting several ...

July 2024
Title
"regreSSHion" OpenSSH vulnerability in PRC7000
Published
July 19, 2024, 2 a.m.
Summary

BOSCH-SA-248444: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that ...

May 2024
Title
TI Bluetooth stack can fail to generate a resolvable Random Private Address (RPA) leading to DoS for already bonded peer devices
Published
May 28, 2024, 2 a.m.
Summary

BOSCH-SA-466062: When running Defensics test case #SMP legacy 1001 with loop mode on DUT configured as resolvable private address, after a while, the device will end up generating unresolvable random private address causing Denial of Service for already bonded peer devices. The potential vulnerability can impact Bluetooth® Low Energy devices ...

Title
Remote code execution vulnerability has been found over an insecure connection in the Praesensa Logging Application, Praesideo Logging Application and Praesideo PC Call Station
Published
May 15, 2024, 2 a.m.
Summary

BOSCH-SA-106054-BT: A remote code execution vulnerability has been found over an insecure connection in the Praesensa Logging Application, Praesideo Logging Application and Praesideo PC Call Station that allows unauthorized users to execute arbitrary code on the server machine. This exploitation can lead unauthorized access on the target system, compromising the ...

March 2024
Title
Command Injection in Bosch Network Synchronizer
Published
March 20, 2024, 1 a.m.
Summary

BOSCH-SA-152190-BT: A Command Injection vulnerability has been uncovered in the diagnostics interface of the Bosch Network Synchronizer. This vulnerability allows unauthorized users full access to the device.

Title
RPS and RPS-LITE operator and communication process vulnerabilities.
Published
March 13, 2024, 1 a.m.
Summary

BOSCH-SA-099637-BT: Security vulnerabilities related to password use, management and communication processes in RPS and RPS-LITE introduce potential for a malicious user to compromise the software. Bosch recommends to update to the latest version as soon as possible.

Title
BVMS affected by Autodesk Design Review Multiple Vulnerabilities
Published
March 13, 2024, 1 a.m.
Summary

BOSCH-SA-246962-BT: BVMS was using Autodesk Design Review for showing 2D/3D files. Autodesk has published multiple vulnerabilities which when successfully exploited could lead to the execution of arbitrary code.Starting from BVMS version 11.0, the Autodesk Design Review is not used anymore in BVMS, but the BVMS setup does not uninstall the ...

Title
Multiple OpenSSL vulnerabilities in BVMS
Published
March 6, 2024, 1 a.m.
Summary

BOSCH-SA-090577-BT: BVMS is using a Device Adapter service for communication with Tattile cameras which is also active when no Tattile cameras are added in the BVMS installation. This service uses an OpenSSL library, which has multiple vulnerabilities as published by OpenSSL. When successfully exploited, these vulnerabilities could lead to command ...

Title
Git for Windows Multiple Security Vulnerabilities in Bosch DIVAR IP all-in-one Devices
Published
March 6, 2024, 1 a.m.
Summary

BOSCH-SA-637386-BT: DIVAR IP System Manager is a central user interface that provides an easy system setup, configuration and application software upgrades through an easily accessible web-based application.\Multiple Git for Windows vulnerabilities have been discovered in DIVAR IP System Manager versions prior to 2.3.0, affecting several Bosch DIVAR IP all-in-one models.

January 2024
Title
Open Port 8899 in BCC Thermostat Product
Published
Jan. 9, 2024, 1 a.m.
Summary

BOSCH-SA-473852: A network port 8899 is always open in BCC101/BCC102/BCC50 thermostat products, which allows an un-authencated connection from a local WiFi network.

Title
Multiple vulnerabilities in Nexo cordless nutrunner
Published
Jan. 8, 2024, 1 a.m.
Summary

BOSCH-SA-711465: The Nexo cordless nutrunner running NEXO-OS V1500-SP2 has some vulnerabilities which allows an attacker: - to read/upload/download/delete arbitrary files in all paths of the system, - to inject and execute arbitrary client-side script code, arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim's session, - to ...

December 2023
Title
Command injection vulnerability in Bosch IP Cameras
Published
Dec. 13, 2023, 1 a.m.
Summary

BOSCH-SA-638184-BT: A vulnerability was discovered in Bosch IP cameras of families CPP13 and CPP14, that allows an authenticated user with administrative rights to execute arbitrary commands in the operating system of the camera.

Title
Denial of Service vulnerability in Bosch BT software products
Published
Dec. 13, 2023, 1 a.m.
Summary

BOSCH-SA-092656-BT: An security vulnerability discovered in Bosch internal tests allows an unauthenticated attacker to interrupt normal functions and cause a Denial of Service / DoS.Bosch rates this vulnerability with a CVSSv3.1 base scores of 7.5 (High) for products using the vulnerable function as a server and 5.9 (medium) for products ...

November 2023
Title
Multiple vulnerabilities on ctrlX HMI / WR21
Published
Nov. 21, 2023, 1 a.m.
Summary

BOSCH-SA-175607: The operating system of the ctrlX HMI/ WR21 before build date 20231107 has some vulnerabilities when the kiosk mode is used in conjunction with Google Chrome. Therefore, it is possible in worst case that an attacker with physical access to the device can get root access without normal authentication ...

October 2023
Title
Multiple vulnerabilities on ctrlX HMI Web Panel - WR21
Published
Oct. 25, 2023, 2 a.m.
Summary

BOSCH-SA-175607: The operating system of the ctrlX WR21 HMI has several vulnerabilities when the Kiosk mode is used in conjunction with Google Chrome. In worst case, an attacker with physical access to the device might gain full root access without prior authentication by combining the exploitation of those vulnerabilities.Furthermore, the ...

Title
Vulnerability in SICK Flexi Soft Gateway
Published
Oct. 24, 2023, 2 a.m.
Summary

BOSCH-SA-164691: The SLC-0-GPNT00300 from Bosch Rexroth contains technology from SICK AG. The manufacturer has published a security bulletin \[1\] regarding an authentication bypass by capture-replay. Exploiting the vulnerability would allow an unauthenticated attacker to login to the gateways by sending specially crafted packets and potentially impact the availability, integrity and ...

Title
Multiple vulnerabilities in ctrlX WR21 HMI
Published
Oct. 20, 2023, 2 a.m.
Summary

BOSCH-SA-175607: The operating system of the ctrlX WR21 HMI has several vulnerabilities when the Kiosk mode is used in conjunction with Google Chrome. In worst case, an attacker with physical access to the device might gain full root access without prior authentication by combining the exploitation of those vulnerabilities.

August 2023
Title
Remote Code Execution in RTS VLink Virtual Matrix
Published
Aug. 30, 2023, 2 a.m.
Summary

BOSCH-SA-893251-BT: A security vulnerability has been uncovered in the admin interface of the RTS VLink Virtual Matrix Software. The vulnerability will allow a Remote Code Execution (RCE) attack.Versions v5 (\< 5.7.6) and v6 (\< 6.5.0) of the RTS VLink Virtual Matrix Software are affected by this vulnerability. Older versions are ...

July 2023
Title
Vulnerability in the interface module SLC-0-GPNT00300
Published
July 4, 2023, 2 a.m.
Summary

BOSCH-SA-894143: The SLC-0-GPNT00300 from Bosch Rexroth contains technology from SICK AG. The manufacturer has published a security bulletin \[1\] regarding the missing authentication for a critical function. Exploiting the vulnerability would allow an unauthenticated attacker to change the IP address of the device and affect the availability of the module.

Title
Security Advisory for the FL MGUARD family of devices
Published
July 4, 2023, 2 a.m.
Summary

BOSCH-SA-833074: The FL MGUARD family devices sold by Bosch Rexroth are devices from Phoenix Contact that have been introduced as trade goods. A security advisory has been published by the manufacturer, which indicates that the devices are affected by two vulnerabilities regarding RSA decryption and MAC filtering. \[1\] Parts No. ...

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
26.11.2024
US CERT
08.11.2024
US CERT (ICS)
03.12.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds