CVE-2019-6957: Buffer Overflow for Bosch Video Systems, PSIM and Access Control Systems
First published: Thu Apr 04 2019(Updated: )
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Access Professional Edition | >=3.0<=3.7 | |
| Bosch Bosch Video Client | <1.7.6.079 | |
| Bosch Bosch Video Management System | <=9.0 | |
| Bosch Building Integration System | >=2.2<=4.4 | |
| Bosch Building Integration System | =4.5 | |
| Bosch Building Integration System | =4.6 | |
| Bosch Building Integration System | =4.6.1 | |
| Bosch Configuration Manager | <6.10 | |
| Bosch Video Recording Manager | <3.71.0032 | |
| Bosch Video Recording Manager | >=3.81<3.81.0048 | |
| Bosch Video Sdk | <6.32.0099 | |
| Bosch Video Streaming Gateway | <6.43.0023 | |
| Bosch Video Streaming Gateway | >=6.45<6.45.0008 | |
| Bosch Dip 2000 Firmware | <0380.037 | |
| Bosch Dip 2000 | ||
| Bosch Dip 3000 Firmware | ||
| Bosch Dip 3000 | ||
| Bosch Dip 5000 Firmware | <038.037 | |
| Bosch Dip 5000 | ||
| Bosch Dip 7000 Firmware | ||
| Bosch Dip 7000 | =gen1 | |
| Bosch Dip 7000 | =gen2 | |
| Bosch Access Easy Controller Firmware | =2.1.8.5 | |
| Bosch Access Easy Controller Firmware | =2.1.9.0 | |
| Bosch Access Easy Controller Firmware | =2.1.9.1 | |
| Bosch Access Easy Controller Firmware | =2.1.9.3 | |
| Bosch Access Easy Controller |
Remedy
In cases where a software update is not possible, a reduction in the system’s network exposure is advised. Internet-accessible installations should be firewalled, whilst additional steps like network isolation by VLAN, IP filtering features of the devices and other technologies should be used to decrease the exposure of vulnerable systems. In addition the firewall on the hosts shall be activated and set according to BVMS and BIS configuration manual. For further informatation please check the published security advisory.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security vulnerability?
The vulnerability ID for this security vulnerability is CVE-2019-6957.
Which software versions are affected by this vulnerability?
This vulnerability affects Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition, Bosch Video Client, and Bosch Video SDK.
What is the severity of CVE-2019-6957?
CVE-2019-6957 has a severity rating of 9.8, which is considered critical.
How can I fix this vulnerability?
To fix this vulnerability, users should upgrade to the latest version of the affected software as recommended by Bosch.
Where can I find more information about CVE-2019-6957?
More information about CVE-2019-6957 can be found in the Bosch Security Advisory and the provided reference link: https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/bosch
- canonical/bosch access professional edition
- version/bosch access professional edition/3.0
- version/bosch access professional edition/3.7
- canonical/bosch bosch video client
- canonical/bosch bosch video management system
- version/bosch bosch video management system/9.0
- canonical/bosch building integration system
- version/bosch building integration system/2.2
- version/bosch building integration system/4.4
- version/bosch building integration system/4.5
- version/bosch building integration system/4.6
- version/bosch building integration system/4.6.1
- canonical/bosch configuration manager
- canonical/bosch video recording manager
- version/bosch video recording manager/3.81
- canonical/bosch video sdk
- canonical/bosch video streaming gateway
- version/bosch video streaming gateway/6.45
- canonical/bosch dip 2000 firmware
- canonical/bosch dip 2000
- canonical/bosch dip 3000 firmware
- canonical/bosch dip 3000
- canonical/bosch dip 5000 firmware
- canonical/bosch dip 5000
- canonical/bosch dip 7000 firmware
- canonical/bosch dip 7000
- version/bosch dip 7000/gen1
- version/bosch dip 7000/gen2
- canonical/bosch access easy controller firmware
- version/bosch access easy controller firmware/2.1.8.5
- version/bosch access easy controller firmware/2.1.9.0
- version/bosch access easy controller firmware/2.1.9.1
- version/bosch access easy controller firmware/2.1.9.3
- canonical/bosch access easy controller