<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>bosch Archives - CVE Vulnerability</title>
	<atom:link href="https://cvevulnerability.com/cve_products/bosch/feed/" rel="self" type="application/rss+xml" />
	<link>https://cvevulnerability.com/cve_products/bosch/</link>
	<description></description>
	<lastBuildDate>Sun, 26 Feb 2023 06:42:51 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://cvevulnerability.com/wp-content/uploads/2023/02/cropped-Screenshot-2023-02-27-at-3.52.32-PM-32x32.png</url>
	<title>bosch Archives - CVE Vulnerability</title>
	<link>https://cvevulnerability.com/cve_products/bosch/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>CVE-2020-6769</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-6769/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:42:51 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-6769/</guid>

					<description><![CDATA[<p>Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-6769/">CVE-2020-6769</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 &lt;= 6.45.08, 6.44 &lt;= 6.44.022, 6.43 &lt;= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 &lt;= 3.62.0019 and DIVAR IP 5000 &lt;= 3.80.0039 if the corresponding port 8023 has been opened in the device&#039;s firewall.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-6769/">CVE-2020-6769</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2019-6957</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2019-6957/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:34:06 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2019-6957/</guid>

					<description><![CDATA[<p>A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-6957/">CVE-2019-6957</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-6957/">CVE-2019-6957</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2019-6958</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2019-6958/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:34:06 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2019-6958/</guid>

					<description><![CDATA[<p>A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-6958/">CVE-2019-6958</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as &#8220;CWE-284: Improper Access Control.&#8221; This vulnerability, for example, allows a potential attacker to delete video or read video data.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-6958/">CVE-2019-6958</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2019-11891</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11891/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:29:42 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2019-11891/</guid>

					<description><![CDATA[<p>A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary&#8217;s choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11891/">CVE-2019-11891</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary&#8217;s choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11891/">CVE-2019-11891</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2019-11892</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11892/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:29:42 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2019-11892/</guid>

					<description><![CDATA[<p>A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC&#8217;s configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11892/">CVE-2019-11892</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC&#8217;s configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11892/">CVE-2019-11892</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2019-11893</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11893/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:29:42 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2019-11893/</guid>

					<description><![CDATA[<p>A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11893/">CVE-2019-11893</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11893/">CVE-2019-11893</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2019-11894</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11894/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:29:42 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2019-11894/</guid>

					<description><![CDATA[<p>A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11894/">CVE-2019-11894</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11894/">CVE-2019-11894</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2019-11895</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11895/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:29:42 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2019-11895/</guid>

					<description><![CDATA[<p>A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11895/">CVE-2019-11895</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11895/">CVE-2019-11895</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2019-11896</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11896/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:29:42 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2019-11896/</guid>

					<description><![CDATA[<p>A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11896/">CVE-2019-11896</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2019-11896/">CVE-2019-11896</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2021-23859</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2021-23859/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 14:07:37 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2021-23859/</guid>

					<description><![CDATA[<p>An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-23859/">CVE-2021-23859</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-23859/">CVE-2021-23859</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
