BOSCH-SA-085467-BT: MAP 5000 is affected by an OpenSSH vulnerability which is enabled in a backwards compatibility mode. It allows remote attackers to cause a denial-of-service (DoS) by crashing the panel.
BOSCH-SA-873110-BT: The TLS server implementation in MAP 5000 was found to use outdated settings for cryptography. The resulting weakness in the TLS protocol key exchange (Diffie-Hellman) allows an attacker to passively decrypt or intercept and manipulate secured communication. It is estimated that the required resources for a successful attack restrict …
BOSCH-SA-688644-BT: The MAP 5000 is susceptible to multiple vulnerabilities. Vulnerability CVE-2021-3449 can lead to system crashes caused by DoS attacks. Such vulnerabilities allow malicious actors to disrupt service, resulting in downtime and loss of access for legitimate users, which can severely impact business operations. Vulnerability CVE-2023-48795 constitutes a weakness in …
BOSCH-SA-359440-BT: A security issue has been identified in the Bosch MAP 5000 family of products, which stems from the use of insecure cryptographic algorithms in the SSH service configuration. It may expose systems to cryptographic attacks, unauthorized access, or data leakage.
BOSCH-SA-757244: Several fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin about a weakness in the web-based administration interface. A successful attack leads to an overload of the device and the hardware watchdog is triggered. Process data behaves according to the configured …
BOSCH-SA-129652: Vulnerabilities in ctrlX OS - Setup
BOSCH-SA-992447-BT: A security vulnerability has been uncovered in the REST API of the Telex Remote Dispatch Console Server and the RTS VLink Virtual Matrix Software. The vulnerability allows a Remote Code Execution (RCE) attack. All versions < 1.3.0 of the Telex Remote Dispatch Console Server are affected by this …
BOSCH-SA-640452: The base ctrlX OS apps Device Admin and Solutions contain multiple vulnerabilities. In a worst-case scenario, a remote authenticated (low-privileged) attacker might be able to execute arbitrary OS commands running with higher privileges. The vulnerabilities have been uncovered and disclosed responsibly by Nozomi. We thank them for making …