CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-23843 – Lack of authentication mechanisms on the device
https://notcve.org/view.php?id=CVE-2021-23843
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make unauthorized changes to configuration data on the device. An attacker can exploit this vulnerability to manipulate the device\'s configuration or make it unresponsive in the local network. The attacker needs to have access to the local network, typically even the same subnet. • https://psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-23842 – Use of Hard-coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2021-23842
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet. La comunicación con el AMC2 usa un algoritmo criptográfico de última generación para el cifrado simétrico llamado Blowfish. • https://psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0CVE-2021-23859 – Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
https://notcve.org/view.php?id=CVE-2021-23859
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859 Un atacante no autenticado es capaz de enviar una petición HTTP especial, que causa el bloqueo de un servicio. En el caso de un VRM independiente o de un BVMS con instalación de VRM, este bloqueo también abre la posibilidad de enviar más comandos no autenticados al servicio. • https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11899
https://notcve.org/view.php?id=CVE-2019-11899
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. Un atacante no autenticado puede alcanzar acceso no autorizado a datos confidenciales mediante la explotación del protocolo SMB de Windows en la instalación de un cliente. Con Bosch Access Professional Edition (APE) versión 3.8, las instalaciones del cliente necesitan ser autorizadas por el administrador de APE. • https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html • CWE-284: Improper Access Control •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11898
https://notcve.org/view.php?id=CVE-2019-11898
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. Los privilegios de administración APE no autorizados pueden ser alcanzados mediante ingeniería inversa de una de las herramientas de servicio APE. La herramienta de servicio es descontinuada con Bosch Access Professional Edition (APE) versión 3.8. • https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html • CWE-798: Use of Hard-coded Credentials •