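Bosch Building Technologies

System Security Advisories

The security advisories (SA) listed below describe the security vulnerabilities identified in Bosch products or services and the corresponding solutions.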

2022

| Security Advisory ID | Assigned CVE IDs | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| | CVE-2022-32540 | Information Disclosure in VIDEOJET Decoder and Operator Client application in BVMS | 7.4 | Bosch BVMS 10.1 <= 10.1.1; Bosch BVMS 11.0 <= 11.0.0; Bosch BVMS 11.1 <= 11.1.0; Bosch VJD-7513 10.23.0002; Bosch VJD-7513 10.30.0005 | 2022-09-21 | 2022-09-21 |
| | CVE-2022-36301, CVE-2022-36302 | Multiple Vulnerabilities in BF-OS | 9.8 | Bosch BF-OS | 2022-08-01 | 2022-08-01 |
| | CVE-2022-32534, CVE-2022-32535, CVE-2022-32536, Multiple CVEs in 3rd party components | Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch BOSCH-SA-247052-BT | 9.8 | Bosch PRA-ES8P2S <= 1.01.05 | 2022-06-22 | 2022-06-22 |
| | CVE-2022-22965 | Improper Control of Generation of Code in Bosch MATRIX | 9.8 | Bosch MATRIX >= 3.3; Bosch MATRIX <= 3.6; Bosch MATRIX <= 3.7.6; Bosch MATRIX <= 3.8.4 | 2022-04-27 | 2022-04-27 |
| | CVE-2021-23850, CVE-2021-23851 | Buffer Overflow Vulnerability in Recovery Image | 6.8, 6.8 | Bosch CPP Firmware | 2022-03-30 | 2022-09-07 |
| | CVE-2018-1285 | Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability | 9.8 | Bosch FSM-10000 Client <= 5.6.2131; Bosch FSM-10000 Server <= 5.6.630; Bosch FSM-10k Client <= 5.6.2131; Bosch FSM-10k Server <= 5.6.630; Bosch FSM-2500 Client <= 5.6.2131; Bosch FSM-2500 Server <= 5.6.630; Bosch FSM-5000 Client <= 5.6.2131; Bosch FSM-5000 Server <= 5.6.630 | 2022-03-23 | 2022-03-23 |
| | CVE-2018-1285 | Improper Restriction of XML External Entity Reference in BVMS | 9.8 | Bosch BVMS <= 9.0.0; Bosch BVMS 10.0 <= 10.0.2; Bosch BVMS 10.1 <= 10.1.1; Bosch BVMS 11.0 <= 11.1.0; Bosch DIVAR IP 7000 R2; Bosch DIVAR IP all-in-one 5000; Bosch DIVAR IP all-in-one 7000 | 2022-03-16 | 2022-03-16 |
| | CVE-2021-23863 | Injection of arbitrary HTML code in Bosch Video Security Android App | 6.1 | Bosch Video Security Android Application | 2022-01-26 | 2022-09-07 |
| | CVE-2021-23842, CVE-2021-23843 | Multiple vulnerabilities in Bosch AMC2 (Access Modular Controller) | 5.7, 8.8 | AMC2; AMS < 4.0; APE <= 3.8.x; BIS < 4.9.1 | 2022-01-19 | 2022-01-28 |

*CVSS - Common Vulnerability Scoring System

2021

| Security Advisory ID | Assigned CVE IDs | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 | Log4j Vulnerabilities - Impact on PRAESENSA Advanced Public Address Server (PRA-APAS) | 10.0, 9.0, 7.5 | PRAESENSA PRA-APAS | 2021-12-22 | 2021-12-22 |
| | CVE-2021-23859, CVE-2021-23860, CVE-2021-23861, CVE-2021-23862 | Multiple Vulnerabilities in Bosch BT software products | 9.1, 5.0, 6.5, 7.2 | AEC, APE, BIS, BVMS, VRM, DIVAR IP, VJD 7513 & 8000 | 2021-12-08 | 2021-12-08 |
| | CVE-2021-23849 | Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras | 7.5 | IP Cameras | 2021-08-04 | 2021-10-07 |
| | CVE-2021-23847, CVE-2021-23848, CVE-2021-23852, CVE-2021-23853, CVE-2021-23854 | Multiple vulnerabilities in Bosch IP cameras | 9.8, 8.3, 4.9, 8.3, 8.3 | IP Cameras | 2021-06-09 | 2021-06-09 |
| | CVE-2021-23845, CVE-2021-23846 | Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M | 8.0, 8.8 | Bosch B426, B426-CN/B429-CN, B426-M | 2021-05-28 | 2021-05-28 |
| | CVE-2020-6785, CVE-2020-6786, CVE-2020-6787, CVE-2020-6788, CVE-2020-6789, CVE-2020-6790, CVE-2020-6771 | Software Vulnerabilities: Uncontrolled Search Path Element | 7.8 | BVMS, BVMS Viewer, VRM Installer, IP Helper, Bosch Video Client Installer, Bosch Configuration Manager Installer, Bosch Monitor Wall Installer, Bosch Video Streaming Gateway Installer, DIVAR IP 7000 R2, DIVAR IP all-in-one 5000, DIVAR IP all-in-one 7000 | 2021-03-24 | 2021-03-30 |
| | CVE-2021-3011 | Side Channel Key Extraction IP Cameras and Encoders Vulnerability | 4.2 | IP Cameras, Encoders | 2021-03-03 | 2021-03-03 |
| | CVE-2020-6779, CVE-2020-6780 | Two vulnerabilities in Bosch Fire Monitoring System (FSM) | 10.0, 4.4 | FSM | 2021-01-20 | 2021-01-20 |

*CVSS - Common Vulnerability Scoring System

2020

| Security Advisory ID | Assigned CVE IDs | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| | CVE-2020-6776, CVE-2020-6777, CVE-2020-15688 | Vulnerabilities in Bosch PRAESIDEO and PRAESENSA | 8.8, 4.8, 7.5 | PRAESIDEO; PRAESENSA | 2020-09-30 | 2020-09-30 |
| | CVE-2017-0144, CVE-2019-0708, CVE-2020-6774 | Multiple Vulnerabilities in Bosch Recording Station (BRS) | 8.1, 9.8, 9.3 | Bosch Recording Station (BRS) | 2020-05-27 | 2020-05-27 |
| | CVE-2020-6767 | Path Traversal BVMS Vulnerability | 7.7 | DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older | 2020-01-29 | 2020-01-29 |
| | CVE-2020-6768 | NoTouch deployment service BVMS Vulnerability | 8.6 | DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older | 2020-01-29 | 2020-01-29 |
| | CVE-2020-6769 | Missing Authentication for Critical Function Video Streaming Gateway Vulnerability | 10.0 | DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, DIVAR IP 2000, DIVAR IP 5000, Bosch Video Streaming Gateway (VSG) 6.45 and older | 2020-01-29 | 2020-01-29 |
| | CVE-2020-6770 | Deserialization of Untrusted Data - BVMS Mobile Video Service Vulnerability | 10.0 | DIVAR IP 3000, DIVAR IP 7000, BVMS 10.0 and older | 2020-01-29 | 2020-01-29 |

*CVSS - Common Vulnerability Scoring System

2019

| Security Advisory ID | Version | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| | 1.0 | Unauthorized access to sensitive data by reverse engineering one of the APE service tools | 9.9 | Access Professional Edition (APE) 3.7 downwards | 2019-09-11 | 2019-09-11 |
| | 1.0 | Unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation | 8.8 | Access Professional Edition (APE) 3.7 downwards | 2019-09-11 | 2019-09-11 |
| | 1.02 | Unauthenticated Certificate Access | 9.9 | Video Recording Manager, DIVAR IP 5000, Bosch Video Management System | 2019-05-09 | 2022-02-09 |
| | 1.00 | Software Buffer Overflow | 9.8 | Bosch Video Management System, DIVAR IP, Video Recording Manager, Video Streaming Gateway, Configuration Manager, Building Integration System with Video Engine, Access Professional Edition, Access Easy Controller, Bosch Video Client, Video SDK | 2019-04-03 | 2019-04-03 |
| | 1.00 | Improper Access Control | 9.8 | Bosch Video Management System, DIVAR IP, Configuration Manager, Building Integration System with Video Engine, Access Professional Edition, Access Easy Controller, Bosch Video Client, Video SDK | 2019-04-03 | 2019-04-03 |
| | 1.00 | Open Redirect | 6.1 | Video Recording Manager | 2019-04-03 | 2019-04-03 |
| | 1.00 | Path Traversal | 4.9 | Video Recording Manager | 2019-04-03 | 2019-04-03 |
| | 1.02 | Security Advisory Access Easy Controller 2.1 | 6.5 | Access Easy Controller 2.1 | 2018-12-03 | 2019-02-28 |
| | 1.1 | DIVAR 400 & 600 series Vulnerability | 10 | DIVAR 400 & 600 series Vulnerability | 2019-01-09 | 2019-01-18 |

*CVSS - Common Vulnerability Scoring System

2018

| Security Advisory ID | Version | Title | CVSS* Score | Affected Bosch Products | Publication Date | Last Update |
|---|---|---|---|---|---|---|
| | 1.05 | IP Camera Vulnerability | 9.4 | Bosch IP Cameras | 2018-12-12 | 20228-02-09 |

*CVSS - Common Vulnerability Scoring System