What is the vulnerability ID?

The vulnerability ID is CVE-2021-23843.

What is the severity of CVE-2021-23843?

The severity of CVE-2021-23843 is high, with a severity value of 7.8.

Which software tools are affected by CVE-2021-23843?

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are affected by CVE-2021-23843.

How can an attacker exploit CVE-2021-23843?

An attacker can exploit CVE-2021-23843 by circumventing the password protection on configured devices to gain unauthorized access to the configuration of an AMC2.

How can CVE-2021-23843 be fixed?

To fix CVE-2021-23843, it is recommended to apply the patches or updates provided by Bosch. Additionally, ensure that strong passwords are used to protect configured devices.

Vulnerability/
CVE-2021-23843

high

8.8

CWE

306

19/1/2022

3/8/2024

CVE-2021-23843: Lack of authentication mechanisms on the device

First published: Wed Jan 19 2022(Updated: )

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make unauthorized changes to configuration data on the device. An attacker can exploit this vulnerability to manipulate the device\'s configuration or make it unresponsive in the local network. The attacker needs to have access to the local network, typically even the same subnet.

Credit: psirt@bosch.com

Affected Software	Affected Version	How to fix
Bosch Amc2 Firmware
Bosch Amc2
Bosch Access Management System	=3.0
Bosch Access Professional Edition	<=3.8.0
Bosch Building Integration System	<4.9.1

Never miss a vulnerability like this again

Reference Links

https://psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2021-23843.
What is the severity of CVE-2021-23843?
The severity of CVE-2021-23843 is high, with a severity value of 7.8.
Which software tools are affected by CVE-2021-23843?
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are affected by CVE-2021-23843.
How can an attacker exploit CVE-2021-23843?
An attacker can exploit CVE-2021-23843 by circumventing the password protection on configured devices to gain unauthorized access to the configuration of an AMC2.
How can CVE-2021-23843 be fixed?
To fix CVE-2021-23843, it is recommended to apply the patches or updates provided by Bosch. Additionally, ensure that strong passwords are used to protect configured devices.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/title
agent/last-modified-date
agent/weakness
agent/author
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/bosch
canonical/bosch amc2 firmware
canonical/bosch amc2
canonical/bosch access management system
version/bosch access management system/3.0
canonical/bosch access professional edition
version/bosch access professional edition/3.8.0
canonical/bosch building integration system

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.