BOSCH-SA-347336: A recently discovered security vulnerability affects the Bosch Smart Home System App for iOS. Both Bosch Smart Home Camera Apps as well as the Bosch Smart Home System App for Android are not affected. It potentially allows to intercept video contents by performing a man-in-the-middle attack. Since only connections ...
BOSCH-SA-363824-BT: Several issues have been discovered affecting the Bosch Recording Station (BRS). The critical issues apply to BRS systems which are connected to an open network. Bosch strongly recommends to operate the BRS system in a closed network and prevent unauthorized direct access to the BRS server. The product was ...
BOSCH-SA-645125: The S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin [1] about a weakness in the web-based administration interface for managing the device properties. By exploiting the vulnerability the device can be put into a state in which network queries ...
BOSCH-SA-885551-BT: A recently discovered security vulnerability affects the BVMS Mobile Video Service (BVMS MVS). The vulnerability is exploitable via the network interface. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 10.0 (Critical) and recommends customers to update the vulnerable components with fixed software versions. The vulnerability was ...
BOSCH-SA-381489-BT: A path traversal vulnerability exists in the BVMS. An authenticated BVMS user can successfully request and fetch arbitrary files from the Central Server machine using the FileTransferService. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 7.7 (High) and strongly recommends customers to update vulnerable components with ...
BOSCH-SA-815013-BT: A path traversal vulnerability exists in the BVMS NoTouch deployment. If this vulnerability is exploited an unauthenticated attacker without local shell access to a BVMS Central Server system is able to fetch arbitrary data from the file system of the Central Server computer. Under specific circumstances an attack can ...
BOSCH-SA-260625-BT: A recently discovered security vulnerability affects the Bosch Video Streaming Gateway (VSG). The vulnerability is exploitable via the network interface. An unauthorized attacker can retrieve and set arbitrary configuration data of the VSG. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 10.0 (Critical) and strongly recommends ...
BOSCH-SA-710832-BT: A recently discovered security vulnerability affects Access Professional Edition (APE) installations of versions 3.7 and downwards. The vulnerability enables unauthorized access to sensitive data of the APE system. In cases where a software update is not possible, a reduction in the system’s network exposure is advised. Internet-accessible installations should ...
BOSCH-SA-844044-BT: A recently discovered security vulnerability affects Access Professional Edition (APE) installations of versions 3.7 and downwards. The vulnerability enables unauthorized access to sensitive data of the APE system. In cases where a software update is not possible, a reduction in the system’s network exposure is advised. Internet-accessible installations should ...
BOSCH-SA-553243-BT: A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. Bosch relies on a Microsoft Windows operating system for several products. Consequently, some devices are affected ...
BOSCH-SA-562575: Recently discovered security vulnerabilities affect the ProSyst mBS SDK and Bosch IoT Gateway Software. They potentially allow to access sensitive information, write and delete data on the host system and forge HTTP GET request on behalf of the server via the network interface. Bosch rates these vulnerabilities with CVSSv3 ...