Bosch PSIRT Security Advisories
2021-11-03T08:37:20Z
https://psirt.bosch.com/security-advisories/bosch-psirt-security-advisories-rss.xml
Security Advisories by the Bosch PSIRT
Robert Bosch GmbH

2021-10-07T00:00:00
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
<p>BOSCH-SA-033305-BT: The possibility of conducting a CSRF (Cross Site Request Forgery) attack was discovered in a penetration test by Kaspersky ICS CERT during a certification effort by Bosch. Bosch rates this vulnerability with a CVSSv3.1 base score of 7.5 (High), where the actual rating depends on the final rating specific to each customer’s environment. Customers are advised to upgrade to the fixed version or follow the described mitigation measures. The vulnerability was discovered by Andrey Muravitsky from Kaspersky ICS CERT.</p>
https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html
Robert Bosch GmbH

2021-10-04T00:00:00
Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series
<p>BOSCH-SA-741752: The control systems series Rexroth IndraMotion MLC and IndraLogic XLC are affected by multiple vulnerabilities in the web server, which - in combination - ultimately enable an attacker to log in to the system.
- Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details, including the serial number and the firmware version, are exposed by another unprotected web server resource.
- Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with the aforementioned vulnerability, this allows an attacker to subsequently log in to the system.

The control systems Rexroth IndraMotion MLC are affected by multiple further vulnerabilities in the web server.
- Information disclosure: The user and password database is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm, which allows an attacker to determine the password by using rainbow tables.
- Reflected Cross-Site-Scripting: The web server is vulnerable to reflected XSS, so an attacker might be able to execute scripts on a client's computer by sending the client a manipulated URL.

These vulnerabilities were discovered and reported by Matan Dobrushin and Eran Jacob from OTORIO Research.</p>
https://psirt.bosch.com/security-advisories/bosch-sa-741752.html
Robert Bosch GmbH

2021-07-20T00:00:00
Vulnerabilities in CODESYS V2 runtime systems
<p>BOSCH-SA-670099: The compact systems CS351E and CS351S and the communication module KE350G with integrated PLC contain technology from CODESYS GmbH. The manufacturer CODESYS GmbH published security bulletins \[1\]\[2\] about a weakness in the protocol for the communication between the PLC runtime and clients. By exploiting these vulnerabilities, attackers can send crafted communication packets which may result in a denial of service condition or, in the worst case, allow remote code execution. Please note: Versions below V.2600 are EoL and not supported anymore.</p>
https://psirt.bosch.com/security-advisories/bosch-sa-670099.html
Robert Bosch GmbH

2021-07-09T00:00:00
Vulnerabilities in CODESYS V2 runtime systems
<p>BOSCH-SA-475180: The control systems SYNAX, Visual Motion, IndraLogic, IndraMotion MTX, IndraMotion MLC and IndraMotion MLD contain PLC technology from CODESYS GmbH. The manufacturer CODESYS GmbH published a security bulletin (1) about a weakness in the protocol for the communication between the PLC runtime and clients. By exploiting the vulnerability, attackers can send crafted communication packets which may result in a denial of service condition or, in the worst case, allow remote code execution.
</p>
https://psirt.bosch.com/security-advisories/bosch-sa-475180.html
Robert Bosch GmbH

2021-06-09T00:00:00
Multiple vulnerabilities in Bosch IP cameras
<p>BOSCH-SA-478243-BT: Multiple vulnerabilities in Bosch IP cameras were discovered in a penetration test by Kaspersky ICS CERT during a certification effort by Bosch. Bosch rates these vulnerabilities with CVSSv3.1 base scores from 9.8 (Critical) to 4.9 (Medium), where the actual rating depends on the individual vulnerability and the final rating on the customer’s environment. Customers are strongly advised to upgrade to the fixed versions. These vulnerabilities were discovered by Alexander Nochvay and Andrey Muravitsky from Kaspersky ICS CERT.</p>
https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html
Robert Bosch GmbH

2021-05-28T00:00:00
Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M
<p>BOSCH-SA-196933-BT: A security vulnerability affects the Bosch B426, B426-CN/B429-CN, and B426-M. The vulnerability is exploitable via the network interface. Bosch rates this vulnerability at 8.0 (High) and recommends that customers update vulnerable components with fixed software versions. A second vulnerable condition was found when using the HTTP protocol, in which the user password is transmitted as a clear text parameter. The latest firmware versions allow only HTTPS. If a software update is not possible in a timely manner, a reduction in the system's network exposure is advised. Internet-accessible systems should be firewalled. Additional protective steps include network isolation by VLAN. These vulnerabilities were reported by Chizuru Toyama of TXOne IoT/ICS Security Research Labs.
### Impact
Under certain circumstances, a malicious or unintended user could gain access to the B426 web server and access the configuration pages without needing to enter login credentials.</p>
https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html
Robert Bosch GmbH

2021-05-19T00:00:00
Vulnerability in the routing protocol of the PLC runtime
<p>BOSCH-SA-350374: The control systems IndraMotion MTX, MLC and MLD and the ctrlX CORE PLC application contain PLC technology from Codesys GmbH. The manufacturer Codesys GmbH published a security bulletin \[1\] about a weakness in the routing protocol for the communication between the PLC runtime and clients. By exploiting the vulnerability, attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low-level communication packages. On the ctrlX CORE PLC Runtime, an attacker might exploit the vulnerability to obfuscate the origin of the attacker’s address and thereby cover up tracks or, in a worst case scenario, cause a temporary interruption in the communication to the PLC Runtime. No authentication bypass is possible. A restart of the PLC Runtime application resets the application to a working state. On IndraMotion MLC, MTX and MLD, an attacker might act as a Man in the Middle by exploiting the vulnerability and thereby manipulate communication requests between the PLC runtime and clients. In the worst case scenario, this would allow an attacker to manipulate the PLC Runtime and/or read data without authorization. The vulnerability currently affects all available software versions.</p>
https://psirt.bosch.com/security-advisories/bosch-sa-350374.html
Robert Bosch GmbH

2021-04-30T00:00:00
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities
<p>BOSCH-SA-017743: Multiple vulnerabilities affecting OpenSSL versions prior to 1.1.1k and Python 0 through 3.9.1 have been reported.
Affected versions are included in the ctrlX CORE - IDE App. In order to successfully exploit these vulnerabilities, an attacker requires access to the network or system. Two vulnerabilities (CVE-2021-3177 and CVE-2021-27619) are notably critical, as they can be easily exploited. The exploitation of these vulnerabilities can lead to remote code execution (CVE-2021-3177, CVE-27619), unexpected communication behavior (CVE-2021-2336, CVE-2020-26116), crash and Denial of Service (CVE-2021-3449, CVE-2021-23841, CVE-2021-23840, CVE-27619). The affected functions of the aforementioned vulnerabilities are not used directly by the ctrlX CORE - IDE App and hence the exploitation risk is low. Nonetheless, vulnerable versions of these components are included and it cannot be completely ruled out that these functions might be indirectly called. For this reason, Bosch Rexroth recommends updating the affected product to its latest version. These vulnerabilities do not affect the ctrlX CORE Runtime.</p>
https://psirt.bosch.com/security-advisories/bosch-sa-017743.html
Robert Bosch GmbH

2021-04-30T00:00:00
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
<p>BOSCH-SA-428397: On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.</p>
https://psirt.bosch.com/security-advisories/bosch-sa-428397.html
Robert Bosch GmbH

2021-04-23T00:00:00
ctrlX Multiple Vulnerabilities
<p>Multiple vulnerabilities in operating system libraries and the Linux kernel have been reported which, in a worst case scenario, could allow an attacker to compromise the system by provoking a crash or the execution of malicious code. The affected functions are not used directly by any Rexroth software component and therefore the risk of an attacker being able to exploit the vulnerability is considered low. Nevertheless, it cannot be completely ruled out that the functions might be called indirectly.
It is therefore strongly advised to follow the suggested solution and mitigations.</p>
https://psirt.bosch.com/security-advisories/bosch-sa-918106.html
Robert Bosch GmbH