A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBosch Access Easy Controller
HWBoschwszystkie wersjeBosch Access Easy Controller Firmware
OSBosch2.1.8.52.1.9.02.1.9.12.1.9.3Bosch Access Professional Edition
APPBosch3.0 – 3.7Bosch Video Client
APPBosch< 1.7.6.079Bosch Video Management System
APPBosch≤ 9.0Bosch Building Integration System
APPBosch4.54.64.6.12.2 – 4.4Bosch Configuration Manager
APPBosch< 6.10Bosch Dip 2000
HWBoschwszystkie wersjeBosch Dip 2000 Firmware
OSBosch< 0380.037Bosch Dip 3000
HWBoschwszystkie wersjeBosch Dip 3000 Firmware
OSBoschwszystkie wersjeBosch Dip 5000
HWBoschwszystkie wersjeBosch Dip 5000 Firmware
OSBosch< 038.037Bosch Dip 7000
HWBoschgen1gen2Bosch Dip 7000 Firmware
OSBoschwszystkie wersjeBosch Video Recording Manager
APPBosch3.81 – 3.81.0048 (bez)< 3.71.0032Bosch Video Sdk
APPBosch< 6.32.0099Bosch Video Streaming Gateway
APPBosch< 6.43.00236.45 – 6.45.0008 (bez)
Related vulnerabilities
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitra...
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthentica...
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and...
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an un...