Lucene search

[email protected]CVE-2022-32540

HistorySep 30, 2022 - 5:15 p.m.

CVE-2022-32540

2022-09-3017:15:12

CWE-200

[email protected]

web.nvd.nist.gov

cve-2022-32540

information disclosure

bvms

operator client

videojet decoder

vjd-7513

udp encryption

man-in-the-middle attack

platform cpp13

platform cpp14

firmware version 8.x

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.5%

JSON

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.

Affected configurations

NVD

Node

boschbosch_video_management_systemRange10.1–10.1.1

boschbosch_video_management_systemRange11.1–11.1.0

boschbosch_video_management_systemMatch11.0

Node

boschvideojet_decoder_7513Match-

AND

boschvideojet_decoder_7513_firmwareMatch10.23.0002

boschvideojet_decoder_7513_firmwareMatch10.30.0005

CPENameOperatorVersion
bosch:bosch_video_management_systembosch bosch video management systemle10.1.1
bosch:bosch_video_management_systembosch bosch video management systemle11.1.0
bosch:bosch_video_management_systembosch bosch video management systemeq11.0

CPE	Name	Operator	Version
bosch:bosch_video_management_system	bosch bosch video management system	le	10.1.1
bosch:bosch_video_management_system	bosch bosch video management system	le	11.1.0
bosch:bosch_video_management_system	bosch bosch video management system	eq	11.0

CNA Affected

[
  {
    "product": "BVMS",
    "vendor": "Bosch",
    "versions": [
      {
        "lessThanOrEqual": "11.1.0",
        "status": "affected",
        "version": "11.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "11.0.0",
        "status": "affected",
        "version": "11.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "10.1.1",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "VJD-7513",
    "vendor": "Bosch",
    "versions": [
      {
        "status": "affected",
        "version": "10.23.0002"
      },
      {
        "status": "affected",
        "version": "10.30.0005"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/bosch-sa-464066.html

Social References

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.5%

JSON

Related for CVE-2022-32540

nvd1 prion1 cvelist1