CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
53.8%
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as “CWE-284: Improper Access Control.” This vulnerability, for example, allows a potential attacker to delete video or read video data.
Vendor | Product | Version | CPE |
---|---|---|---|
bosch | access_professional_edition | * | cpe:2.3:a:bosch:access_professional_edition:*:*:*:*:*:*:*:* |
bosch | bosch_video_client | * | cpe:2.3:a:bosch:bosch_video_client:*:*:*:*:*:*:*:* |
bosch | bosch_video_management_system | * | cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:* |
bosch | building_integration_system | * | cpe:2.3:a:bosch:building_integration_system:*:*:*:*:*:*:*:* |
bosch | building_integration_system | 4.5 | cpe:2.3:a:bosch:building_integration_system:4.5:*:*:*:*:*:*:* |
bosch | building_integration_system | 4.6 | cpe:2.3:a:bosch:building_integration_system:4.6:*:*:*:*:*:*:* |
bosch | building_integration_system | 4.6.1 | cpe:2.3:a:bosch:building_integration_system:4.6.1:*:*:*:*:*:*:* |
bosch | configuration_manager | * | cpe:2.3:a:bosch:configuration_manager:*:*:*:*:*:*:*:* |
bosch | video_sdk | * | cpe:2.3:a:bosch:video_sdk:*:*:*:*:*:*:*:* |
bosch | dip_2000 | - | cpe:2.3:h:bosch:dip_2000:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
53.8%