Bosch Bis
5 CVEs affecting Bosch Bis. Latest disclosed: 2024-04-11. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-23859 | Critical | 9.1 | 2021-12-08 | An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation t… |
CVE-2021-23843 | High | 8.8 | 2022-01-19 | The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password pro… |
CVE-2023-29241 | High | 8.1 | 2023-06-30 | Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to acce… |
CVE-2021-23842 | Medium | 5.7 | 2022-01-19 | Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the… |
CVE-2023-32228 | Medium | 4.6 | 2024-04-11 | A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. |