CRITICAL✓ PATCH🇬🇧 English

CVE-2019-6957

CVSS 9.8v3.1pub. 2019-05-29upd. 2024-11-21

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bosch Access Easy Controller

    HW
    Bosch
    wszystkie wersje
  • Bosch Access Easy Controller Firmware

    OS
    Bosch
    2.1.8.52.1.9.02.1.9.12.1.9.3
  • Bosch Access Professional Edition

    APP
    Bosch
    3.0 – 3.7
  • Bosch Video Client

    APP
    Bosch
    < 1.7.6.079
  • Bosch Video Management System

    APP
    Bosch
    ≤ 9.0
  • Bosch Building Integration System

    APP
    Bosch
    4.54.64.6.12.2 – 4.4
  • Bosch Configuration Manager

    APP
    Bosch
    < 6.10
  • Bosch Dip 2000

    HW
    Bosch
    wszystkie wersje
  • Bosch Dip 2000 Firmware

    OS
    Bosch
    < 0380.037
  • Bosch Dip 3000

    HW
    Bosch
    wszystkie wersje
  • Bosch Dip 3000 Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Dip 5000

    HW
    Bosch
    wszystkie wersje
  • Bosch Dip 5000 Firmware

    OS
    Bosch
    < 038.037
  • Bosch Dip 7000

    HW
    Bosch
    gen1gen2
  • Bosch Dip 7000 Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Video Recording Manager

    APP
    Bosch
    3.81 – 3.81.0048 (bez)< 3.71.0032
  • Bosch Video Sdk

    APP
    Bosch
    < 6.32.0099
  • Bosch Video Streaming Gateway

    APP
    Bosch
    < 6.43.00236.45 – 6.45.0008 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-23859CRITICAL9.1ten sam produkt

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...

CVE-2019-11684CRITICAL9.9ten sam produkt

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitra...

CVE-2020-6769CRITICAL10.0ten sam produkt

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthentica...

CVE-2019-6958CRITICAL9.1ten sam produkt

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and...

CVE-2023-32230HIGH7.5ten sam produkt

An improper handling of a malformed API request to an API server in Bosch BT software products can allow an un...