CVE-2019-6957

Buffer Overflow for Bosch Video Systems, PSIM and Access Control Systems

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.

Una vulnerabilidad de seguridad encontrada recientemente impacta a todas las versiones 9.0 y anteriores de Bosch Video Management System (BVMS), DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). La vulnerabilidad potencialmente permite la ejecución no autorizada de código en el sistema por medio de la interfaz de red.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-25 CVE Reserved
2019-05-29 CVE Published
2023-08-24 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf	2022-11-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bosch Search vendor "Bosch"	Dip 2000 Firmware Search vendor "Bosch" for product "Dip 2000 Firmware"	< 0380.037 Search vendor "Bosch" for product "Dip 2000 Firmware" and version " < 0380.037"	-	Affected	in	Bosch Search vendor "Bosch"	Dip 2000 Search vendor "Bosch" for product "Dip 2000"	-	-	Safe
Bosch Search vendor "Bosch"	Dip 3000 Firmware Search vendor "Bosch" for product "Dip 3000 Firmware"	-	-	Affected	in	Bosch Search vendor "Bosch"	Dip 3000 Search vendor "Bosch" for product "Dip 3000"	-	-	Safe
Bosch Search vendor "Bosch"	Dip 5000 Firmware Search vendor "Bosch" for product "Dip 5000 Firmware"	< 038.037 Search vendor "Bosch" for product "Dip 5000 Firmware" and version " < 038.037"	-	Affected	in	Bosch Search vendor "Bosch"	Dip 5000 Search vendor "Bosch" for product "Dip 5000"	-	-	Safe
Bosch Search vendor "Bosch"	Dip 7000 Firmware Search vendor "Bosch" for product "Dip 7000 Firmware"	-	-	Affected	in	Bosch Search vendor "Bosch"	Dip 7000 Search vendor "Bosch" for product "Dip 7000"	gen1 Search vendor "Bosch" for product "Dip 7000" and version "gen1"	-	Safe
Bosch Search vendor "Bosch"	Dip 7000 Firmware Search vendor "Bosch" for product "Dip 7000 Firmware"	-	-	Affected	in	Bosch Search vendor "Bosch"	Dip 7000 Search vendor "Bosch" for product "Dip 7000"	gen2 Search vendor "Bosch" for product "Dip 7000" and version "gen2"	-	Safe
Bosch Search vendor "Bosch"	Access Easy Controller Firmware Search vendor "Bosch" for product "Access Easy Controller Firmware"	2.1.8.5 Search vendor "Bosch" for product "Access Easy Controller Firmware" and version "2.1.8.5"	-	Affected	in	Bosch Search vendor "Bosch"	Access Easy Controller Search vendor "Bosch" for product "Access Easy Controller"	-	-	Safe
Bosch Search vendor "Bosch"	Access Easy Controller Firmware Search vendor "Bosch" for product "Access Easy Controller Firmware"	2.1.9.0 Search vendor "Bosch" for product "Access Easy Controller Firmware" and version "2.1.9.0"	-	Affected	in	Bosch Search vendor "Bosch"	Access Easy Controller Search vendor "Bosch" for product "Access Easy Controller"	-	-	Safe
Bosch Search vendor "Bosch"	Access Easy Controller Firmware Search vendor "Bosch" for product "Access Easy Controller Firmware"	2.1.9.1 Search vendor "Bosch" for product "Access Easy Controller Firmware" and version "2.1.9.1"	-	Affected	in	Bosch Search vendor "Bosch"	Access Easy Controller Search vendor "Bosch" for product "Access Easy Controller"	-	-	Safe
Bosch Search vendor "Bosch"	Access Easy Controller Firmware Search vendor "Bosch" for product "Access Easy Controller Firmware"	2.1.9.3 Search vendor "Bosch" for product "Access Easy Controller Firmware" and version "2.1.9.3"	-	Affected	in	Bosch Search vendor "Bosch"	Access Easy Controller Search vendor "Bosch" for product "Access Easy Controller"	-	-	Safe
Bosch Search vendor "Bosch"		Access Professional Edition Search vendor "Bosch" for product "Access Professional Edition"				>= 3.0 <= 3.7 Search vendor "Bosch" for product "Access Professional Edition" and version " >= 3.0 <= 3.7"		-		Affected
Bosch Search vendor "Bosch"		Bosch Video Client Search vendor "Bosch" for product "Bosch Video Client"				< 1.7.6.079 Search vendor "Bosch" for product "Bosch Video Client" and version " < 1.7.6.079"		-		Affected
Bosch Search vendor "Bosch"		Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System"				<= 9.0 Search vendor "Bosch" for product "Bosch Video Management System" and version " <= 9.0"		-		Affected
Bosch Search vendor "Bosch"		Building Integration System Search vendor "Bosch" for product "Building Integration System"				>= 2.2 <= 4.4 Search vendor "Bosch" for product "Building Integration System" and version " >= 2.2 <= 4.4"		-		Affected
Bosch Search vendor "Bosch"		Building Integration System Search vendor "Bosch" for product "Building Integration System"				4.5 Search vendor "Bosch" for product "Building Integration System" and version "4.5"		-		Affected
Bosch Search vendor "Bosch"		Building Integration System Search vendor "Bosch" for product "Building Integration System"				4.6 Search vendor "Bosch" for product "Building Integration System" and version "4.6"		-		Affected
Bosch Search vendor "Bosch"		Building Integration System Search vendor "Bosch" for product "Building Integration System"				4.6.1 Search vendor "Bosch" for product "Building Integration System" and version "4.6.1"		-		Affected
Bosch Search vendor "Bosch"		Configuration Manager Search vendor "Bosch" for product "Configuration Manager"				< 6.10 Search vendor "Bosch" for product "Configuration Manager" and version " < 6.10"		-		Affected
Bosch Search vendor "Bosch"		Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager"				< 3.71.0032 Search vendor "Bosch" for product "Video Recording Manager" and version " < 3.71.0032"		-		Affected
Bosch Search vendor "Bosch"		Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager"				>= 3.81 < 3.81.0048 Search vendor "Bosch" for product "Video Recording Manager" and version " >= 3.81 < 3.81.0048"		-		Affected
Bosch Search vendor "Bosch"		Video Sdk Search vendor "Bosch" for product "Video Sdk"				< 6.32.0099 Search vendor "Bosch" for product "Video Sdk" and version " < 6.32.0099"		-		Affected
Bosch Search vendor "Bosch"		Video Streaming Gateway Search vendor "Bosch" for product "Video Streaming Gateway"				< 6.43.0023 Search vendor "Bosch" for product "Video Streaming Gateway" and version " < 6.43.0023"		-		Affected
Bosch Search vendor "Bosch"		Video Streaming Gateway Search vendor "Bosch" for product "Video Streaming Gateway"				>= 6.45 < 6.45.0008 Search vendor "Bosch" for product "Video Streaming Gateway" and version " >= 6.45 < 6.45.0008"		-		Affected