Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for videojet_decoder_8000_firmware by bosch

    CVE-2021-23862 (GCVE-0-2021-23862)

    Vulnerability from nvd – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:30
    VLAI
    Title
    Authenticated Remote Code Execution
    Summary
    A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Create a notification for this product.
    Bosch DIVAR IP 7000 R2 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Create a notification for this product.
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Create a notification for this product.
    Bosch VJD-8000 Affected: unspecified , ≤ 10.01.0036 (custom)
    Create a notification for this product.
    Bosch VJD-7513 Affected: unspecified , ≤ 10.22.0038 (custom)
    Create a notification for this product.
    Date Public
    2021-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-8000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.01.0036",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.22.0038",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:37.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Code Execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23862",
              "STATE": "PUBLIC",
              "TITLE": "Authenticated Remote Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-8000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.01.0036"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-7513",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.22.0038"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23862",
        "datePublished": "2021-12-08T21:17:37.519Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:25.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23862 (GCVE-0-2021-23862)

    Vulnerability from cvelistv5 – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:30
    VLAI
    Title
    Authenticated Remote Code Execution
    Summary
    A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Create a notification for this product.
    Bosch DIVAR IP 7000 R2 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Create a notification for this product.
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Create a notification for this product.
    Bosch VJD-8000 Affected: unspecified , ≤ 10.01.0036 (custom)
    Create a notification for this product.
    Bosch VJD-7513 Affected: unspecified , ≤ 10.22.0038 (custom)
    Create a notification for this product.
    Date Public
    2021-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-8000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.01.0036",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VJD-7513",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "10.22.0038",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:37.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated Remote Code Execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23862",
              "STATE": "PUBLIC",
              "TITLE": "Authenticated Remote Code Execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-8000",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.01.0036"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VJD-7513",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "10.22.0038"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23862",
        "datePublished": "2021-12-08T21:17:37.519Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:25.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }