Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for videojet_decoder_7513_firmware by bosch

    CVE-2023-32230 (GCVE-0-2023-32230)

    Vulnerability from nvd – Published: 2023-12-18 12:58 – Updated: 2024-08-02 15:10
    VLAI
    Summary
    An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch Video Recording Manager Affected: 0 , ≤ 04.10.0079 (custom)
    Create a notification for this product.
    Bosch Video Streaming Gateway Affected: 0 , ≤ 8.1.2.2 (custom)
    Affected: 9.0.0 , ≤ 9.0.0.178 (custom)
    Create a notification for this product.
    Bosch Monitorwall Affected: 0 , ≤ 10.00.0164 (custom)
    Create a notification for this product.
    Bosch VJD-7513 Affected: 0 , ≤ 10.40.0055 (custom)
    Create a notification for this product.
    Bosch VJD-7523 Affected: 0 , ≤ 10.40.0055 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.221Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Video Recording Manager",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "04.10.0079",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Video Streaming Gateway",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.0.178",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Monitorwall",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.00.0164",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.40.0055",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7523",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.40.0055",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T12:58:08.690Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-32230",
        "datePublished": "2023-12-18T12:58:08.690Z",
        "dateReserved": "2023-05-04T21:01:16.508Z",
        "dateUpdated": "2024-08-02T15:10:24.221Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32540 (GCVE-0-2022-32540)

    Vulnerability from nvd – Published: 2022-09-30 16:38 – Updated: 2025-05-20 16:15
    VLAI
    Summary
    Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: 11.1 , ≤ 11.1.0 (custom)
    Affected: 11.0 , ≤ 11.0.0 (custom)
    Affected: 10.1 , ≤ 10.1.1 (custom)
    Create a notification for this product.
    Bosch VJD-7513 Affected: 10.23.0002
    Affected: 10.30.0005
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-464066.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32540",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T16:15:26.762937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T16:15:31.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.0",
                  "status": "affected",
                  "version": "11.1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.23.0002"
                },
                {
                  "status": "affected",
                  "version": "10.30.0005"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-30T16:38:54.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-464066.html"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "ID": "CVE-2022-32540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "11.1",
                                "version_value": "11.1.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-7513",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "10.23.0002"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.30.0005"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-464066.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-464066.html"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2022-32540",
        "datePublished": "2022-09-30T16:38:54.000Z",
        "dateReserved": "2022-06-07T00:00:00.000Z",
        "dateUpdated": "2025-05-20T16:15:31.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23862 (GCVE-0-2021-23862)

    Vulnerability from nvd – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:30
    VLAI
    Title
    Authenticated Remote Code Execution
    Summary
    A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Create a notification for this product.
    Bosch DIVAR IP 7000 R2 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Create a notification for this product.
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Create a notification for this product.
    Bosch VJD-8000 Affected: unspecified , ≤ 10.01.0036 (custom)
    Create a notification for this product.
    Bosch VJD-7513 Affected: unspecified , ≤ 10.22.0038 (custom)
    Create a notification for this product.
    Date Public
    2021-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-8000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.01.0036",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.22.0038",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:37.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Code Execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23862",
              "STATE": "PUBLIC",
              "TITLE": "Authenticated Remote Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-8000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.01.0036"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-7513",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.22.0038"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23862",
        "datePublished": "2021-12-08T21:17:37.519Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:25.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32230 (GCVE-0-2023-32230)

    Vulnerability from cvelistv5 – Published: 2023-12-18 12:58 – Updated: 2024-08-02 15:10
    VLAI
    Summary
    An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch Video Recording Manager Affected: 0 , ≤ 04.10.0079 (custom)
    Create a notification for this product.
    Bosch Video Streaming Gateway Affected: 0 , ≤ 8.1.2.2 (custom)
    Affected: 9.0.0 , ≤ 9.0.0.178 (custom)
    Create a notification for this product.
    Bosch Monitorwall Affected: 0 , ≤ 10.00.0164 (custom)
    Create a notification for this product.
    Bosch VJD-7513 Affected: 0 , ≤ 10.40.0055 (custom)
    Create a notification for this product.
    Bosch VJD-7523 Affected: 0 , ≤ 10.40.0055 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.221Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Video Recording Manager",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "04.10.0079",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Video Streaming Gateway",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "9.0.0.178",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Monitorwall",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.00.0164",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.40.0055",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7523",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.40.0055",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-18T12:58:08.690Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-32230",
        "datePublished": "2023-12-18T12:58:08.690Z",
        "dateReserved": "2023-05-04T21:01:16.508Z",
        "dateUpdated": "2024-08-02T15:10:24.221Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32540 (GCVE-0-2022-32540)

    Vulnerability from cvelistv5 – Published: 2022-09-30 16:38 – Updated: 2025-05-20 16:15
    VLAI
    Summary
    Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: 11.1 , ≤ 11.1.0 (custom)
    Affected: 11.0 , ≤ 11.0.0 (custom)
    Affected: 10.1 , ≤ 10.1.1 (custom)
    Create a notification for this product.
    Bosch VJD-7513 Affected: 10.23.0002
    Affected: 10.30.0005
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-464066.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32540",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-20T16:15:26.762937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T16:15:31.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "11.1.0",
                  "status": "affected",
                  "version": "11.1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.23.0002"
                },
                {
                  "status": "affected",
                  "version": "10.30.0005"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-30T16:38:54.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-464066.html"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "ID": "CVE-2022-32540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "11.1",
                                "version_value": "11.1.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-7513",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "10.23.0002"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "10.30.0005"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-464066.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-464066.html"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2022-32540",
        "datePublished": "2022-09-30T16:38:54.000Z",
        "dateReserved": "2022-06-07T00:00:00.000Z",
        "dateUpdated": "2025-05-20T16:15:31.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23862 (GCVE-0-2021-23862)

    Vulnerability from cvelistv5 – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:30
    VLAI
    Title
    Authenticated Remote Code Execution
    Summary
    A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Create a notification for this product.
    Bosch DIVAR IP 7000 R2 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Create a notification for this product.
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Create a notification for this product.
    Bosch VJD-8000 Affected: unspecified , ≤ 10.01.0036 (custom)
    Create a notification for this product.
    Bosch VJD-7513 Affected: unspecified , ≤ 10.22.0038 (custom)
    Create a notification for this product.
    Date Public
    2021-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-8000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.01.0036",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.22.0038",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:37.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Code Execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23862",
              "STATE": "PUBLIC",
              "TITLE": "Authenticated Remote Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-8000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.01.0036"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-7513",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.22.0038"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23862",
        "datePublished": "2021-12-08T21:17:37.519Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:25.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }