
    14 vulnerabilities found for DIVAR IP 7000 R2 by Bosch

    VAR-202312-1220

    Vulnerability from variot - Updated: 2024-08-14 14:42

    Improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through a Man-in-the-Middle attack. Multiple Robert Bosch GmbH products, including Building Integration System Video Engine, Bosch Video Management System and Bosch BVMS Viewer, contain an unspecified vulnerability. Service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202312-1220",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "onvif camera event driver tool",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "2.0.0.8"
          },
          {
            "model": "video management system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "12.0"
          },
          {
            "model": "divar ip all-in-one 6000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "12.0"
          },
          {
            "model": "divar ip all-in-one 7000 r3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "12.0"
          },
          {
            "model": "building integration system video engine",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "5.0.1"
          },
          {
            "model": "configuration manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "7.62"
          },
          {
            "model": "project assistant",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "2.3"
          },
          {
            "model": "video security client",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "3.3.5"
          },
          {
            "model": "divar ip all-in-one 5000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "12.0"
          },
          {
            "model": "divar ip all-in-one 7000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "12.0"
          },
          {
            "model": "divar ip all-in-one 4000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "12.0"
          },
          {
            "model": "divar ip 7000 r2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "12.0"
          },
          {
            "model": "intelligent insights",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "1.0.3.14"
          },
          {
            "model": "video management system viewer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "12.0"
          },
          {
            "model": "bvms viewer",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "video management system",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip all-in-one 5000",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "project assistant",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip all-in-one 4000",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip all-in-one 6000",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip all-in-one 7000",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip 7000 r2",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip all-in-one 7000 r3",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "building integration system video engine",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "video security client",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "intelligent insights",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "configuration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "onvif camera event driver tool",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35867"
          }
        ]
      },
      "cve": "CVE-2023-35867",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "id": "CVE-2023-35867",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2023-35867",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-35867",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@bosch.com",
                "id": "CVE-2023-35867",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-35867",
                "trust": 0.8,
                "value": "Medium"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35867"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35867"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through a Man-in-the-Middle attack. Multiple Robert Bosch GmbH products, including Building Integration System Video Engine, Bosch Video Management System and Bosch BVMS Viewer, contain an unspecified vulnerability. Service operation may be interrupted (DoS).",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-35867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-35867",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020269",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35867"
          }
        ]
      },
      "id": "VAR-202312-1220",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.28333333
      },
      "last_update_date": "2024-08-14T14:42:54.637000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-703",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35867"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://psirt.bosch.com/security-advisories/bosch-sa-092656-bt.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-35867"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35867"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35867"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          },
          {
            "date": "2023-12-18T13:15:07.010000",
            "db": "NVD",
            "id": "CVE-2023-35867"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-16T03:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          },
          {
            "date": "2023-12-22T20:13:40.507000",
            "db": "NVD",
            "id": "CVE-2023-35867"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Robert Bosch GmbH product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-020269"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202306-1304

    Vulnerability from variot - Updated: 2024-08-14 14:01

    Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. Multiple Robert Bosch GmbH products, including Bosch Video Management System (BVMS), Bosch BVMS Viewer and DIVAR IP 3000 firmware, contain an incorrect authentication vulnerability. Information may be obtained.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202306-1304",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "video management system viewer",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "7.5"
          },
          {
            "model": "divar ip 7000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "8.0"
          },
          {
            "model": "divar ip 7000 r3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "11.1.1"
          },
          {
            "model": "divar ip 3000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "8.0"
          },
          {
            "model": "divar ip 5000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "11.1.1"
          },
          {
            "model": "divar ip 3000",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "7.5"
          },
          {
            "model": "divar ip 7000 r2",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "7.5"
          },
          {
            "model": "divar ip 7000",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "7.5"
          },
          {
            "model": "video management system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "11.1.1"
          },
          {
            "model": "video management system viewer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "11.1.1"
          },
          {
            "model": "divar ip 7000 r3",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "10.1.1"
          },
          {
            "model": "divar ip 6000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "11.1.1"
          },
          {
            "model": "divar ip 7000 r2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "11.1.1"
          },
          {
            "model": "divar ip 5000",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "9.0"
          },
          {
            "model": "video management system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "7.5"
          },
          {
            "model": "divar ip 4000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "11.1.1"
          },
          {
            "model": "video management system",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip 7000",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip 6000",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "bvms viewer",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip 4000",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip 3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip 7000 r3",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip 7000 r2",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          },
          {
            "model": "divar ip 5000",
            "scope": null,
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-28175"
          }
        ]
      },
      "cve": "CVE-2023-28175",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2023-28175",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@bosch.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2023-28175",
                "impactScore": 4.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.7,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-28175",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-28175",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@bosch.com",
                "id": "CVE-2023-28175",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-28175",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202306-1186",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1186"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-28175"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-28175"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. Multiple Robert Bosch GmbH products, including Bosch Video Management System (BVMS), Bosch BVMS Viewer and DIVAR IP 3000 firmware, contain an incorrect authentication vulnerability. Information may be obtained.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-28175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-28175"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-28175",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014290",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1186",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-28175",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-28175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1186"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-28175"
          }
        ]
      },
      "id": "VAR-202306-1304",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.28333333
      },
      "last_update_date": "2024-08-14T14:01:47.179000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Bosch Video Management System Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=244463"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1186"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-863",
            "trust": 1.0
          },
          {
            "problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-28175"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://psirt.bosch.com/security-advisories/bosch-sa-025794-bt.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28175"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-28175/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-28175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1186"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-28175"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-28175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1186"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-28175"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-28175"
          },
          {
            "date": "2023-12-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          },
          {
            "date": "2023-06-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202306-1186"
          },
          {
            "date": "2023-06-15T11:15:09.227000",
            "db": "NVD",
            "id": "CVE-2023-28175"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-28175"
          },
          {
            "date": "2023-12-22T08:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          },
          {
            "date": "2023-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202306-1186"
          },
          {
            "date": "2023-07-05T13:25:06.167000",
            "db": "NVD",
            "id": "CVE-2023-28175"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1186"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Robert\u00a0Bosch\u00a0GmbH\u00a0 Fraudulent Authentication Vulnerability in Products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-014290"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-1186"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-35867 (GCVE-0-2023-35867)

    Vulnerability from nvd – Published: 2023-12-18 12:59 – Updated: 2024-08-02 16:30
    VLAI
    Summary
    Improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:45.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BVMS Viewer",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Configuration Manager",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "7.62",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000 R3",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 4000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 6000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Project Assistant",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Video Security Client",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIS Video Engine",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Intelligent Insights",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ONVIF Camera Event Driver Tool",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T12:59:48.604Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-35867",
        "datePublished": "2023-12-18T12:59:48.604Z",
        "dateReserved": "2023-06-19T09:15:32.387Z",
        "dateUpdated": "2024-08-02T16:30:45.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23862 (GCVE-0-2021-23862)

    Vulnerability from nvd – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:30
    VLAI
    Title
    Authenticated Remote Code Execution
    Summary
    A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, and the VIDEOJET decoder (VJD-7513 and VJD-8000).
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Bosch VJD-8000 Affected: unspecified , ≤ 10.01.0036 (custom)
    Bosch VJD-7513 Affected: unspecified , ≤ 10.22.0038 (custom)
    Date Public
    2021-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-8000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.01.0036",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.22.0038",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:37.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Code Execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23862",
              "STATE": "PUBLIC",
              "TITLE": "Authenticated Remote Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-8000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.01.0036"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-7513",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.22.0038"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23862",
        "datePublished": "2021-12-08T21:17:37.519Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:25.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23861 (GCVE-0-2021-23861)

    Vulnerability from nvd – Published: 2021-12-08 21:17 – Updated: 2024-09-16 17:49
    VLAI
    Title
    Possible Access to Debug Functions in Bosch VRM / BVMS
    Summary
    By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM, allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Date Public
    2021-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-489",
                  "description": "CWE-489 Active Debug Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:32.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Possible Access to Debug Functions in Bosch VRM / BVMS",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23861",
              "STATE": "PUBLIC",
              "TITLE": "Possible Access to Debug Functions in Bosch VRM / BVMS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-489 Active Debug Code"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23861",
        "datePublished": "2021-12-08T21:17:32.737Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:49:16.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23860 (GCVE-0-2021-23860)

    Vulnerability from nvd – Published: 2021-12-08 21:17 – Updated: 2024-09-17 03:52
    VLAI
    Title
    Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS
    Summary
    An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attacker must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Date Public
    2021-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.832Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:28.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23860",
              "STATE": "PUBLIC",
              "TITLE": "Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23860",
        "datePublished": "2021-12-08T21:17:28.106Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:52:42.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23859 (GCVE-0-2021-23859)

    Vulnerability from nvd – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:45
    VLAI
    Title
    Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
    Summary
    An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only locally accessible, lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859.
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Bosch VRM Exporter Affected: 2.1 , ≤ 2.10.0008 (custom)
    Bosch APE Affected: unspecified , ≤ 3.8.x.x (custom)
    Bosch AEC Affected: unspecified , ≤ 2.9.1.x (custom)
    Bosch BIS Affected: unspecified , ≤ 4.9 (custom)
    Affected: unspecified , ≤ 4.8 (custom)
    Affected: unspecified , ≤ 4.7 (custom)
    Date Public
    2021-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VRM Exporter",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.0008",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "APE",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.x.x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "AEC",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.1.x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "4.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:23.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "EXTERNAL"
          },
          "title": "Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23859",
              "STATE": "PUBLIC",
              "TITLE": "Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM Exporter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.1",
                                "version_value": "2.10.0008"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "APE",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.8.x.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "AEC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.9.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.9"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.8"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23859",
        "datePublished": "2021-12-08T21:17:23.528Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:45:43.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6785 (GCVE-0-2020-6785)

    Vulnerability from nvd – Published: 2021-03-25 15:49 – Updated: 2024-09-17 00:35
    VLAI
    Title
    Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer
    Summary
    Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1. Note: the structured version data in this record lists the oldest affected range as "< 9.0.0", whereas this summary includes 9.0.0 itself; check the vendor advisory (BOSCH-SA-835563-BT) before treating 9.0.0 as unaffected.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , < 9.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch BVMS Viewer Affected: unspecified , < 9.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Date Public
    2021-03-24 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:05.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThan": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BVMS Viewer",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThan": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "datePublic": "2021-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim\u0027s system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-25T15:49:53.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-835563-BT",
            "discovery": "INTERNAL"
          },
          "title": "Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-03-24",
              "ID": "CVE-2020-6785",
              "STATE": "PUBLIC",
              "TITLE": "Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BVMS Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim\u0027s system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427 Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-835563-BT",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2020-6785",
        "datePublished": "2021-03-25T15:49:54.005Z",
        "dateReserved": "2020-01-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:35:36.081Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35867 (GCVE-0-2023-35867)

    Vulnerability from cvelistv5 – Published: 2023-12-18 12:59 – Updated: 2024-08-02 16:30
    VLAI
    Summary
    Improper handling of malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:45.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BVMS Viewer",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Configuration Manager",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "7.62",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000 R3",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 4000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 6000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Project Assistant",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Video Security Client",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIS Video Engine",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Intelligent Insights",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "ONVIF Camera Event Driver Tool",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T12:59:48.604Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-35867",
        "datePublished": "2023-12-18T12:59:48.604Z",
        "dateReserved": "2023-06-19T09:15:32.387Z",
        "dateUpdated": "2024-08-02T16:30:45.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23862 (GCVE-0-2021-23862)

    Vulnerability from cvelistv5 – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:30
    VLAI
    Title
    Authenticated Remote Code Execution
    Summary
    A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Bosch VJD-8000 Affected: unspecified , ≤ 10.01.0036 (custom)
    Bosch VJD-7513 Affected: unspecified , ≤ 10.22.0038 (custom)
    Date Public
    2021-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-8000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.01.0036",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.22.0038",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:37.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Code Execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23862",
              "STATE": "PUBLIC",
              "TITLE": "Authenticated Remote Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-8000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.01.0036"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-7513",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.22.0038"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23862",
        "datePublished": "2021-12-08T21:17:37.519Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:25.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23861 (GCVE-0-2021-23861)

    Vulnerability from cvelistv5 – Published: 2021-12-08 21:17 – Updated: 2024-09-16 17:49
    VLAI
    Title
    Possible Access to Debug Functions in Bosch VRM / BVMS
    Summary
    By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Date Public
    2021-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-489",
                  "description": "CWE-489 Active Debug Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:32.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Possible Access to Debug Functions in Bosch VRM / BVMS",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23861",
              "STATE": "PUBLIC",
              "TITLE": "Possible Access to Debug Functions in Bosch VRM / BVMS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-489 Active Debug Code"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23861",
        "datePublished": "2021-12-08T21:17:32.737Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:49:16.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23860 (GCVE-0-2021-23860)

    Vulnerability from cvelistv5 – Published: 2021-12-08 21:17 – Updated: 2024-09-17 03:52
    VLAI
    Title
    Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS
    Summary
    An error in a page handler of the VRM may lead to reflected cross-site scripting (XSS) in the web-based interface. To exploit this vulnerability, an attacker must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Date Public
    2021-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.832Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:28.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23860",
              "STATE": "PUBLIC",
              "TITLE": "Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23860",
        "datePublished": "2021-12-08T21:17:28.106Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:52:42.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23859 (GCVE-0-2021-23859)

    Vulnerability from cvelistv5 – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:45
    VLAI
    Title
    Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
    Summary
    An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In the case of a standalone VRM or a BVMS with VRM installation, this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only locally accessible, which lowers the CVSS base score. For a list of modified CVSS scores, please see the chapter "Modified CVSS Scores for CVE-2021-23859" in the appendix of the official Bosch advisory.
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Bosch VRM Exporter Affected: 2.1 , ≤ 2.10.0008 (custom)
    Bosch APE Affected: unspecified , ≤ 3.8.x.x (custom)
    Bosch AEC Affected: unspecified , ≤ 2.9.1.x (custom)
    Bosch BIS Affected: unspecified , ≤ 4.9 (custom)
    Affected: unspecified , ≤ 4.8 (custom)
    Affected: unspecified , ≤ 4.7 (custom)
    Date Public
    2021-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VRM Exporter",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.0008",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "APE",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.x.x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "AEC",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.1.x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "4.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:23.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "EXTERNAL"
          },
          "title": "Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23859",
              "STATE": "PUBLIC",
              "TITLE": "Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM Exporter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.1",
                                "version_value": "2.10.0008"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "APE",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.8.x.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "AEC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.9.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.9"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.8"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23859",
        "datePublished": "2021-12-08T21:17:23.528Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:45:43.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6785 (GCVE-0-2020-6785)

    Vulnerability from cvelistv5 – Published: 2021-03-25 15:49 – Updated: 2024-09-17 00:35
    VLAI
    Title
    Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer
    Summary
    Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , < 9.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch BVMS Viewer Affected: unspecified , < 9.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Bosch DIVAR IP 7000 R2 Affected: all
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Date Public
    2021-03-24 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:05.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThan": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BVMS Viewer",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThan": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "datePublic": "2021-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim\u0027s system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-25T15:49:53.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-835563-BT",
            "discovery": "INTERNAL"
          },
          "title": "Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-03-24",
              "ID": "CVE-2020-6785",
              "STATE": "PUBLIC",
              "TITLE": "Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BVMS Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim\u0027s system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427 Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-835563-BT",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2020-6785",
        "datePublished": "2021-03-25T15:49:54.005Z",
        "dateReserved": "2020-01-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:35:36.081Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }