CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-6958

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0020%
EPSS Percentile3.98th
Published2019年5月29日
Last Modified2024年11月21日

Vulnerability Description

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as "CWE-284: Improper Access Control." This vulnerability, for example, allows a potential attacker to delete video or read video data.

Affected Platforms (CPE)

📦
Bosch

Access Professional Edition

>= 3.0 and <= 3.7
📦
Bosch

Bosch Video Client

< 1.7.6.079
📦
Bosch

Bosch Video Management System

<= 9.0
📦
Bosch

Building Integration System

>= 2.2 and <= 4.4
📦
Bosch

Building Integration System

= 4.5
📦
Bosch

Building Integration System

= 4.6
📦
Bosch

Building Integration System

= 4.6.1
📦
Bosch

Configuration Manager

< 6.10
📦
Bosch

Video Sdk

< 6.32.0099
💻
Bosch

Dip 2000 Firmware

< 0380.037
💻
Bosch

Dip 3000 Firmware

All versions
💻
Bosch

Dip 5000 Firmware

< 038.037
💻
Bosch

Dip 7000 Firmware

All versions
💻
Bosch

Access Easy Controller Firmware

= 2.1.8.5
💻
Bosch

Access Easy Controller Firmware

= 2.1.9.0
💻
Bosch

Access Easy Controller Firmware

= 2.1.9.1
💻
Bosch

Access Easy Controller Firmware

= 2.1.9.3

References & Advisories

🔗 https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0404bt-cve-2019-6958_security_advisory_improper_access_control.pdf
🔗 https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0404bt-cve-2019-6958_security_advisory_improper_access_control.pdf

相关漏洞威胁

CVE-2009-311210.0

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to ga...

CVE-2019-118989.9

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool i...

CVE-2019-69579.8

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 200...

CVE-2010-41829.3

Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3...