Search

Find a vulnerability

Search criteria

    213 vulnerabilities by Bosch

    CVE-2024-33618 (GCVE-0-2024-33618)

    Vulnerability from nvd – Published: 2026-04-15 09:51 – Updated: 2026-04-15 13:09
    VLAI
    Summary
    Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33618",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T13:09:08.201665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T13:09:13.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BVMS Viewer",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bosch DIVAR IP all-in-one 7000 R3",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bosch DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bosch DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bosch DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 4000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "11.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 6000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "11.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 \r\nallows attackers to consume excessive amounts of disk space via network interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T09:51:52.722Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2024-33618",
        "datePublished": "2026-04-15T09:51:52.722Z",
        "dateReserved": "2024-06-17T09:19:04.535Z",
        "dateUpdated": "2026-04-15T13:09:13.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60038 (GCVE-0-2025-60038)

    Vulnerability from nvd – Published: 2026-02-18 14:03 – Updated: 2026-02-18 14:23
    VLAI
    Summary
    A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60038",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T14:23:09.634940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T14:23:44.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IndraWorks",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability\u00a0has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T14:03:49.403Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2025-60038",
        "datePublished": "2026-02-18T14:03:49.403Z",
        "dateReserved": "2025-09-25T12:06:05.896Z",
        "dateUpdated": "2026-02-18T14:23:44.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60037 (GCVE-0-2025-60037)

    Vulnerability from nvd – Published: 2026-02-18 14:03 – Updated: 2026-02-18 14:34
    VLAI
    Summary
    A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60037",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T14:33:58.525366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T14:34:07.420Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IndraWorks",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability\u00a0has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T14:03:19.807Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2025-60037",
        "datePublished": "2026-02-18T14:03:19.807Z",
        "dateReserved": "2025-09-25T12:06:05.896Z",
        "dateUpdated": "2026-02-18T14:34:07.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60036 (GCVE-0-2025-60036)

    Vulnerability from nvd – Published: 2026-02-18 14:02 – Updated: 2026-02-18 14:41
    VLAI
    Summary
    A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch Rexroth IndraWorks Affected: 0 , < 15V24 (custom)
    Create a notification for this product.
    Bosch Rexroth UA.Testclient Affected: 0 , < 2.9.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60036",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T14:41:16.480158Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T14:41:24.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IndraWorks",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "lessThan": "15V24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "UA.Testclient",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "lessThan": "2.9.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T14:02:37.184Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2025-60036",
        "datePublished": "2026-02-18T14:02:37.184Z",
        "dateReserved": "2025-09-25T12:06:05.896Z",
        "dateUpdated": "2026-02-18T14:41:24.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60035 (GCVE-0-2025-60035)

    Vulnerability from nvd – Published: 2026-02-18 14:01 – Updated: 2026-02-18 14:41
    VLAI
    Summary
    A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch Rexroth IndraWorks Affected: 0 , < 15V24 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60035",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T14:41:48.116030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T14:41:54.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IndraWorks",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "lessThan": "15V24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability\u00a0has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T14:01:59.030Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2025-60035",
        "datePublished": "2026-02-18T14:01:59.030Z",
        "dateReserved": "2025-09-25T12:06:05.896Z",
        "dateUpdated": "2026-02-18T14:41:54.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32063 (GCVE-0-2025-32063)

    Vulnerability from nvd – Published: 2026-02-15 10:48 – Updated: 2026-02-17 17:07
    VLAI
    Title
    Enabling SSH server on Infotainment ECU
    Summary
    There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Radu Motspan (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32063",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T16:43:14.113662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T17:07:10.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radu Motspan (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-578",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-578 Disable Security Software"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:48:34.125Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Enabling SSH server on Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32063",
        "datePublished": "2026-02-15T10:48:34.125Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T17:07:10.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32062 (GCVE-0-2025-32062)

    Vulnerability from nvd – Published: 2026-02-15 10:47 – Updated: 2026-02-17 20:09
    VLAI
    Title
    Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
    Summary
    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Mikhail Evdokimov (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:09:20.305155Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:09:28.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Evdokimov (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:47:57.740Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32062",
        "datePublished": "2026-02-15T10:47:57.740Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T20:09:28.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32061 (GCVE-0-2025-32061)

    Vulnerability from nvd – Published: 2026-02-15 10:47 – Updated: 2026-02-17 20:08
    VLAI
    Title
    Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
    Summary
    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Mikhail Evdokimov (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32061",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:07:52.971119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:08:17.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Evdokimov (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:47:15.555Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32061",
        "datePublished": "2026-02-15T10:47:15.555Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T20:08:17.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32060 (GCVE-0-2025-32060)

    Vulnerability from nvd – Published: 2026-02-15 10:46 – Updated: 2026-02-17 20:07
    VLAI
    Title
    Absence of Kernel Module Signature Verification on Linux System of Infotainment ECU
    Summary
    The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Mikhail Evdokimov (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32060",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:07:32.768943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:07:40.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Evdokimov (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:46:23.570Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Absence of Kernel Module Signature Verification on Linux System of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32060",
        "datePublished": "2026-02-15T10:46:23.570Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T20:07:40.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32059 (GCVE-0-2025-32059)

    Vulnerability from nvd – Published: 2026-02-15 10:45 – Updated: 2026-02-17 20:06
    VLAI
    Title
    Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
    Summary
    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Mikhail Evdokimov (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:06:39.209429Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:06:48.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Evdokimov (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:45:42.900Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32059",
        "datePublished": "2026-02-15T10:45:42.900Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T20:06:48.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32058 (GCVE-0-2025-32058)

    Vulnerability from nvd – Published: 2026-02-15 10:44 – Updated: 2026-02-17 20:02
    VLAI
    Title
    Stack Overflow in processing requests over INC interface on RH850 side of Infotainment ECU
    Summary
    The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Radu Motspan (PCAutomotive Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:02:29.752256Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:02:42.408Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radu Motspan (PCAutomotive Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:44:48.125Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Overflow in processing requests over INC interface on RH850 side of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32058",
        "datePublished": "2026-02-15T10:44:48.125Z",
        "dateReserved": "2025-04-03T15:32:43.281Z",
        "dateUpdated": "2026-02-17T20:02:42.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32057 (GCVE-0-2025-32057)

    Vulnerability from nvd – Published: 2026-01-22 15:22 – Updated: 2026-01-22 15:43
    VLAI
    Title
    Misconfigured SSL/TLS communication of Redbend service for Infotainment ECU
    Summary
    The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Radu Motspan (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T15:42:55.389269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-22T15:43:11.681Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radu Motspan (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 \u2013 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 \u2013 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T15:22:21.626Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Misconfigured SSL/TLS communication of Redbend service for Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32057",
        "datePublished": "2026-01-22T15:22:21.626Z",
        "dateReserved": "2025-04-03T15:32:43.281Z",
        "dateUpdated": "2026-01-22T15:43:11.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32056 (GCVE-0-2025-32056)

    Vulnerability from nvd – Published: 2026-01-22 15:21 – Updated: 2026-01-22 15:44
    VLAI
    Title
    Anti-Theft Bypass for Infotainment ECU
    Summary
    The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1241 - Use of Predictable Algorithm in Random Number Generator
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E (283C30861E)
    Create a notification for this product.
    Credits
    Polina Smirnova (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T15:44:24.806159Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-22T15:44:40.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E",
                  "versionType": "283C30861E"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bosch:infotainment_system_ecu:283c30861e:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Polina Smirnova (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection.\u003cbr\u003e\u003cbr\u003eFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection.\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1241",
                  "description": "CWE-1241: Use of Predictable Algorithm in Random Number Generator",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T15:21:21.945Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Anti-Theft Bypass for Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32056",
        "datePublished": "2026-01-22T15:21:21.945Z",
        "dateReserved": "2025-04-03T15:32:43.280Z",
        "dateUpdated": "2026-01-22T15:44:40.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33618 (GCVE-0-2024-33618)

    Vulnerability from cvelistv5 – Published: 2026-04-15 09:51 – Updated: 2026-04-15 13:09
    VLAI
    Summary
    Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33618",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T13:09:08.201665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T13:09:13.468Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BVMS Viewer",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bosch DIVAR IP all-in-one 7000 R3",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bosch DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bosch DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bosch DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 4000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "11.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 6000",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.1",
                  "status": "affected",
                  "version": "11.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 \r\nallows attackers to consume excessive amounts of disk space via network interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T09:51:52.722Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2024-33618",
        "datePublished": "2026-04-15T09:51:52.722Z",
        "dateReserved": "2024-06-17T09:19:04.535Z",
        "dateUpdated": "2026-04-15T13:09:13.468Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60038 (GCVE-0-2025-60038)

    Vulnerability from cvelistv5 – Published: 2026-02-18 14:03 – Updated: 2026-02-18 14:23
    VLAI
    Summary
    A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60038",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T14:23:09.634940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T14:23:44.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IndraWorks",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability\u00a0has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T14:03:49.403Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2025-60038",
        "datePublished": "2026-02-18T14:03:49.403Z",
        "dateReserved": "2025-09-25T12:06:05.896Z",
        "dateUpdated": "2026-02-18T14:23:44.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60037 (GCVE-0-2025-60037)

    Vulnerability from cvelistv5 – Published: 2026-02-18 14:03 – Updated: 2026-02-18 14:34
    VLAI
    Summary
    A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60037",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T14:33:58.525366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T14:34:07.420Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IndraWorks",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability\u00a0has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T14:03:19.807Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2025-60037",
        "datePublished": "2026-02-18T14:03:19.807Z",
        "dateReserved": "2025-09-25T12:06:05.896Z",
        "dateUpdated": "2026-02-18T14:34:07.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60036 (GCVE-0-2025-60036)

    Vulnerability from cvelistv5 – Published: 2026-02-18 14:02 – Updated: 2026-02-18 14:41
    VLAI
    Summary
    A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch Rexroth IndraWorks Affected: 0 , < 15V24 (custom)
    Create a notification for this product.
    Bosch Rexroth UA.Testclient Affected: 0 , < 2.9.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60036",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T14:41:16.480158Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T14:41:24.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IndraWorks",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "lessThan": "15V24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "UA.Testclient",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "lessThan": "2.9.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T14:02:37.184Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2025-60036",
        "datePublished": "2026-02-18T14:02:37.184Z",
        "dateReserved": "2025-09-25T12:06:05.896Z",
        "dateUpdated": "2026-02-18T14:41:24.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60035 (GCVE-0-2025-60035)

    Vulnerability from cvelistv5 – Published: 2026-02-18 14:01 – Updated: 2026-02-18 14:41
    VLAI
    Summary
    A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch Rexroth IndraWorks Affected: 0 , < 15V24 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60035",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T14:41:48.116030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T14:41:54.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IndraWorks",
              "vendor": "Bosch Rexroth",
              "versions": [
                {
                  "lessThan": "15V24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability\u00a0has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user\u0027s system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-18T14:01:59.030Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2025-60035",
        "datePublished": "2026-02-18T14:01:59.030Z",
        "dateReserved": "2025-09-25T12:06:05.896Z",
        "dateUpdated": "2026-02-18T14:41:54.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32063 (GCVE-0-2025-32063)

    Vulnerability from cvelistv5 – Published: 2026-02-15 10:48 – Updated: 2026-02-17 17:07
    VLAI
    Title
    Enabling SSH server on Infotainment ECU
    Summary
    There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Radu Motspan (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32063",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T16:43:14.113662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T17:07:10.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radu Motspan (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-578",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-578 Disable Security Software"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:48:34.125Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Enabling SSH server on Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32063",
        "datePublished": "2026-02-15T10:48:34.125Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T17:07:10.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32062 (GCVE-0-2025-32062)

    Vulnerability from cvelistv5 – Published: 2026-02-15 10:47 – Updated: 2026-02-17 20:09
    VLAI
    Title
    Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
    Summary
    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Mikhail Evdokimov (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:09:20.305155Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:09:28.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Evdokimov (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:47:57.740Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32062",
        "datePublished": "2026-02-15T10:47:57.740Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T20:09:28.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32061 (GCVE-0-2025-32061)

    Vulnerability from cvelistv5 – Published: 2026-02-15 10:47 – Updated: 2026-02-17 20:08
    VLAI
    Title
    Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
    Summary
    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Mikhail Evdokimov (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32061",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:07:52.971119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:08:17.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Evdokimov (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:47:15.555Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32061",
        "datePublished": "2026-02-15T10:47:15.555Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T20:08:17.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32060 (GCVE-0-2025-32060)

    Vulnerability from cvelistv5 – Published: 2026-02-15 10:46 – Updated: 2026-02-17 20:07
    VLAI
    Title
    Absence of Kernel Module Signature Verification on Linux System of Infotainment ECU
    Summary
    The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Mikhail Evdokimov (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32060",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:07:32.768943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:07:40.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Evdokimov (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:46:23.570Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Absence of Kernel Module Signature Verification on Linux System of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32060",
        "datePublished": "2026-02-15T10:46:23.570Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T20:07:40.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32059 (GCVE-0-2025-32059)

    Vulnerability from cvelistv5 – Published: 2026-02-15 10:45 – Updated: 2026-02-17 20:06
    VLAI
    Title
    Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
    Summary
    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Mikhail Evdokimov (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:06:39.209429Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:06:48.488Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Evdokimov (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:45:42.900Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32059",
        "datePublished": "2026-02-15T10:45:42.900Z",
        "dateReserved": "2025-04-03T15:32:43.282Z",
        "dateUpdated": "2026-02-17T20:06:48.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32058 (GCVE-0-2025-32058)

    Vulnerability from cvelistv5 – Published: 2026-02-15 10:44 – Updated: 2026-02-17 20:02
    VLAI
    Title
    Stack Overflow in processing requests over INC interface on RH850 side of Infotainment ECU
    Summary
    The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Radu Motspan (PCAutomotive Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T20:02:29.752256Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T20:02:42.408Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radu Motspan (PCAutomotive Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-15T10:44:48.125Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Overflow in processing requests over INC interface on RH850 side of Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32058",
        "datePublished": "2026-02-15T10:44:48.125Z",
        "dateReserved": "2025-04-03T15:32:43.281Z",
        "dateUpdated": "2026-02-17T20:02:42.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32057 (GCVE-0-2025-32057)

    Vulnerability from cvelistv5 – Published: 2026-01-22 15:22 – Updated: 2026-01-22 15:43
    VLAI
    Title
    Misconfigured SSL/TLS communication of Redbend service for Infotainment ECU
    Summary
    The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E
    Create a notification for this product.
    Credits
    Radu Motspan (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T15:42:55.389269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-22T15:43:11.681Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radu Motspan (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 \u2013 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\u003cbr\u003e\u003cbr\u003e\n\nFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 \u2013 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T15:22:21.626Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Misconfigured SSL/TLS communication of Redbend service for Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32057",
        "datePublished": "2026-01-22T15:22:21.626Z",
        "dateReserved": "2025-04-03T15:32:43.281Z",
        "dateUpdated": "2026-01-22T15:43:11.681Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32056 (GCVE-0-2025-32056)

    Vulnerability from cvelistv5 – Published: 2026-01-22 15:21 – Updated: 2026-01-22 15:44
    VLAI
    Title
    Anti-Theft Bypass for Infotainment ECU
    Summary
    The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1241 - Use of Predictable Algorithm in Random Number Generator
    Assigner
    Impacted products
    Vendor Product Version
    Bosch Infotainment system ECU Affected: 283C30861E (283C30861E)
    Create a notification for this product.
    Credits
    Polina Smirnova (PCA Cyber Security Assessment Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T15:44:24.806159Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-22T15:44:40.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Infotainment system ECU",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "283C30861E",
                  "versionType": "283C30861E"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bosch:infotainment_system_ecu:283c30861e:*:linux:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Polina Smirnova (PCA Cyber Security Assessment Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection.\u003cbr\u003e\u003cbr\u003eFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection.\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1241",
                  "description": "CWE-1241: Use of Predictable Algorithm in Random Number Generator",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T15:21:21.945Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Anti-Theft Bypass for Infotainment ECU",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2025-32056",
        "datePublished": "2026-01-22T15:21:21.945Z",
        "dateReserved": "2025-04-03T15:32:43.280Z",
        "dateUpdated": "2026-01-22T15:44:40.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201607-0381

    Vulnerability from variot - Updated: 2025-04-12 23:04

    Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rexroth Bosch BLADEcontrol is a web-based HMI (Human Machine Interface) system from Rexroth Bosch, Germany. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0381",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "bladecontrol-webvis",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "3.0.2"
          },
          {
            "model": "bosch bladecontrol",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "rexroth",
            "version": "\u003c=3.0.2"
          },
          {
            "model": "bladecontrol-webvis",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "bosch rexroth",
            "version": "3.0.2"
          },
          {
            "model": "bladecontrol-webvis",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "rexroth",
            "version": "3.0.2"
          },
          {
            "model": "bosch bladecontrol-webvis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rexroth",
            "version": "3.0.2"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4508"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:rexroth:bladecontrol-webvis",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Maxim Rupp",
        "sources": [
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-4508",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-4508",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-04593",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-4508",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-4508",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-4508",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-4508",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04593",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201607-025",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4508"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rexroth Bosch BLADEcontrol is a web-based HMI (Human Machine Interface) system from Rexroth Bosch, Germany. \nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4508"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "IVD",
            "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-4508",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-187-01",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "91572",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "76FB0F44-9EA6-40E7-AC92-C08A9D8AC261",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4508"
          }
        ]
      },
      "id": "VAR-201607-0381",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:04:13.515000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.boschrexroth.com/"
          },
          {
            "title": "Patch for Rexroth Bosch BLADEcontrol Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/78678"
          },
          {
            "title": "Rexroth Bosch BLADEcontrol Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=62618"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4508"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-187-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4508"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4508"
          },
          {
            "trust": 0.3,
            "url": "https://www.boschrexroth.com/en/xc/home/index"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4508"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4508"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-07T00:00:00",
            "db": "IVD",
            "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
          },
          {
            "date": "2016-07-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "date": "2016-07-05T00:00:00",
            "db": "BID",
            "id": "91572"
          },
          {
            "date": "2016-07-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "date": "2016-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          },
          {
            "date": "2016-07-06T14:59:03.487000",
            "db": "NVD",
            "id": "CVE-2016-4508"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "date": "2016-07-05T00:00:00",
            "db": "BID",
            "id": "91572"
          },
          {
            "date": "2016-07-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003494"
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-4508"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rexroth Bosch BLADEcontrol Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "76fb0f44-9ea6-40e7-ac92-c08a9d8ac261"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04593"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-025"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201607-0380

    Vulnerability from variot - Updated: 2025-04-12 23:04

    SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rexroth Bosch BLADEcontrol is a web-based HMI system. Rexroth Bosch BLADEcontrol-WebVIS is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Rexroth Bosch BLADEcontrol-WebVIS version 3.0.2 and earlier are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0380",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "bladecontrol-webvis",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "3.0.2"
          },
          {
            "model": "bladecontrol-webvis",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "bosch rexroth",
            "version": "3.0.2"
          },
          {
            "model": "bosch bladecontrol",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "rexroth",
            "version": "\u003c=3.0.2"
          },
          {
            "model": "bladecontrol-webvis",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "rexroth",
            "version": "3.0.2"
          },
          {
            "model": "bosch bladecontrol-webvis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rexroth",
            "version": "3.0.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bladecontrol webvis",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4507"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:rexroth:bladecontrol-webvis",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Maxim Rupp",
        "sources": [
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-4507",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2016-4507",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-04594",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.1,
                "id": "CVE-2016-4507",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-4507",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-4507",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-4507",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04594",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201607-024",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4507"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rexroth Bosch BLADEcontrol is a web-based HMI system. Rexroth Bosch BLADEcontrol-WebVIS is prone to SQL-injection and cross-site scripting vulnerabilities. \nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nRexroth Bosch BLADEcontrol-WebVIS version 3.0.2 and earlier are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4507"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "IVD",
            "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-4507",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-187-01",
            "trust": 3.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "91572",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "B66FED74-E827-4D0E-92FD-D480E595C9F6",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4507"
          }
        ]
      },
      "id": "VAR-201607-0380",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:04:13.472000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.boschrexroth.com/"
          },
          {
            "title": "Rexroth Bosch BLADEcontrol-WebVIS SQL Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/78679"
          },
          {
            "title": "Rexroth Bosch BLADEcontrol SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=62617"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4507"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-187-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4507"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4507"
          },
          {
            "trust": 0.3,
            "url": "https://www.boschrexroth.com/en/xc/home/index"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4507"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          },
          {
            "db": "BID",
            "id": "91572"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4507"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-07T00:00:00",
            "db": "IVD",
            "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
          },
          {
            "date": "2016-07-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          },
          {
            "date": "2016-07-05T00:00:00",
            "db": "BID",
            "id": "91572"
          },
          {
            "date": "2016-07-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "date": "2016-07-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          },
          {
            "date": "2016-07-06T14:59:02.503000",
            "db": "NVD",
            "id": "CVE-2016-4507"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04594"
          },
          {
            "date": "2016-07-05T00:00:00",
            "db": "BID",
            "id": "91572"
          },
          {
            "date": "2016-07-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-4507"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bosch Rexroth BLADEcontrol-WebVIS In  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003493"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "b66fed74-e827-4d0e-92fd-d480e595c9f6"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-024"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201905-0919

    Vulnerability from variot - Updated: 2025-01-30 22:39

    A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0919",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smart home controller",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "9.8.905"
          },
          {
            "model": "smart home controller",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": "9.8.905"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11893"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:bosch:smart_home_controller_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          }
        ]
      },
      "cve": "CVE-2019-11893",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.4,
                "id": "CVE-2019-11893",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2019-11893",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "psirt@bosch.com",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.1,
                "id": "CVE-2019-11893",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-11893",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-11893",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@bosch.com",
                "id": "CVE-2019-11893",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-11893",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201905-1070",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-1070"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11893"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11893"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-11893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-11893",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-1070",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-1070"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11893"
          }
        ]
      },
      "id": "VAR-201905-0919",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "home \u0026 office device"
            ],
            "sub_category": "smart home controller",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T22:39:17.184000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BOSCH-SA-662084",
            "trust": 0.8,
            "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html"
          },
          {
            "title": "Bosch Smart Home Controller Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93023"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-1070"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-266",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-275",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11893"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://psirt.bosch.com/advisory/bosch-sa-662084.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11893"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11893"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-1070"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11893"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-1070"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11893"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          },
          {
            "date": "2019-05-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-1070"
          },
          {
            "date": "2019-05-29T20:29:00.297000",
            "db": "NVD",
            "id": "CVE-2019-11893"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-1070"
          },
          {
            "date": "2024-11-21T04:21:58.410000",
            "db": "NVD",
            "id": "CVE-2019-11893"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-1070"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bosch Smart Home Controller Permissions vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004950"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-1070"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1877

    Vulnerability from variot - Updated: 2025-01-30 22:37

    A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. ProSyst Softoware mBS SDK is a software development kit for OSGi application development by German ProSyst Softoware company. The vulnerability stems from a network system or product's failure to properly filter special elements in a resource or file path. An attacker could use this vulnerability to access locations outside the restricted directory

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1877",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "prosyst mbs sdk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "8.2.6"
          },
          {
            "model": "iot gateway software",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "bosch",
            "version": "9.2.0"
          },
          {
            "model": "iot gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": "9.2.0"
          },
          {
            "model": "prosyst mbs sdk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "robert bosch",
            "version": "8.2.6"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11601"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:bosch:iot_gateway_software",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:bosch:prosyst_mbs_sdk",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          }
        ]
      },
      "cve": "CVE-2019-11601",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-11601",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-143264",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-11601",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-11601",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-11601",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-11601",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-11601",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-11601",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-1729",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-143264",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-143264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11601"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11601"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A directory traversal vulnerability in remote access to backup \u0026 restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. ProSyst Softoware mBS SDK is a software development kit for OSGi application development by German ProSyst Softoware company. The vulnerability stems from a network system or product\u0027s failure to properly filter special elements in a resource or file path. An attacker could use this vulnerability to access locations outside the restricted directory",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-11601"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          },
          {
            "db": "VULHUB",
            "id": "VHN-143264"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-11601",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1729",
            "trust": 0.7
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-143264",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-143264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11601"
          }
        ]
      },
      "id": "VAR-201908-1877",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-143264"
          }
        ],
        "trust": 0.02
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "network device"
            ],
            "sub_category": "gateway",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T22:37:54.340000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BOSCH-SA-562575",
            "trust": 0.8,
            "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html"
          },
          {
            "title": "ProSyst Softoware mBS SDK  and Bosch IoT Gateway Software Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97317"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-143264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11601"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://psirt.bosch.com/advisory/bosch-sa-562575.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11601"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11601"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-143264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11601"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-143264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-11601"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-143264"
          },
          {
            "date": "2019-08-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "date": "2019-08-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          },
          {
            "date": "2019-08-21T20:15:12.447000",
            "db": "NVD",
            "id": "CVE-2019-11601"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-143264"
          },
          {
            "date": "2019-08-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          },
          {
            "date": "2019-09-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          },
          {
            "date": "2024-11-21T04:21:25.640000",
            "db": "NVD",
            "id": "CVE-2019-11601"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ProSyst mBS SDK and  Bosch IoT Gateway Software Path traversal vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008443"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-1729"
          }
        ],
        "trust": 0.6
      }
    }