Multiple vulnerabilities in Bosch BT software products



Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2023-32230, CVE-2023-35867
CWE-ID: CWE-703
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Bosch Monitorwall
Hardware solutions / Firmware

Bosch VJD-7513
Hardware solutions / Firmware

Bosch VJD-7523
Hardware solutions / Firmware

Bosch Video Recording Manager
Hardware solutions / Firmware

Bosch Video Streaming Gateway
Hardware solutions / Firmware

Bosch BIS Video Engine
Hardware solutions / Firmware

Bosch BVMS
Hardware solutions / Firmware

Bosch BVMS Viewer
Hardware solutions / Firmware

Bosch Configuration Manager
Hardware solutions / Firmware

Bosch DIVAR IP 7000 R2
Hardware solutions / Firmware

Bosch DIVAR IP all-in-one 4000
Hardware solutions / Firmware

Bosch DIVAR IP all-in-one 5000
Hardware solutions / Firmware

Bosch DIVAR IP all-in-one 6000
Hardware solutions / Firmware

Bosch DIVAR IP all-in-one 7000
Hardware solutions / Firmware

Bosch DIVAR IP all-in-one 7000 R3
Hardware solutions / Firmware

Bosch Intelligent Insights
Hardware solutions / Firmware

Bosch ONVIF Camera Event Driver Tool
Hardware solutions / Firmware

Bosch Project Assistant
Hardware solutions / Firmware

Bosch Video Security Client
Hardware solutions / Firmware

Vendor: Robert Bosch

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU84931

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32230

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of a malformed API request to an API server. A remote attacker can cause a denial of service condition.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Bosch Monitorwall: 10.00.0164

Bosch VJD-7513: 10.40.0055

Bosch VJD-7523: 10.40.0055

Bosch Video Recording Manager: 04.10.0079

Bosch Video Streaming Gateway: 8.1.2.2 - 9.0.0.178

External links

http://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU84932

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35867

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of malformed API answer packets sent to API clients. A remote attacker can replace an existing API server and cause a denial of service condition.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Bosch BIS Video Engine: 5.0.1

Bosch BVMS: 12.0.0

Bosch BVMS Viewer: 12.0.0

Bosch Configuration Manager: 7.62.0178

Bosch DIVAR IP 7000 R2: 12.0.0

Bosch DIVAR IP all-in-one 4000: 12.0.0

Bosch DIVAR IP all-in-one 5000: 12.0.0

Bosch DIVAR IP all-in-one 6000: 12.0.0

Bosch DIVAR IP all-in-one 7000: 12.0.0

Bosch DIVAR IP all-in-one 7000 R3: 12.0.0

Bosch Intelligent Insights: 1.0.3.14

Bosch ONVIF Camera Event Driver Tool: 2.0.0.8

Bosch Project Assistant: 2.3.0.28

Bosch Video Security Client: 3.3.5.22

External links

http://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


