Information Disclosure in BVMS and VIDEOJET Decoder by Bosch
CVE-2022-32540

7.4HIGH

Key Information:

Vendor

Bosch
Status
Bvms
Vjd-7513
Vendor
CVE Published:
30 September 2022

What is CVE-2022-32540?

The vulnerability in the Operator Client application of BVMS versions 10.1.1, 11.0, and 11.1.0, as well as VIDEOJET Decoder versions 10.23 and 10.30, enables a man-in-the-middle attacker to exploit a weakness in UDP encryption. This flaw compromises the confidentiality of video streams when the target system is equipped with cameras running on platforms CPP13 or CPP14, specifically with firmware version 8.x. As a result, unauthorized entities may gain access to sensitive video data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BVMS 11.1 <= 11.1.0

BVMS 11.0 <= 11.0.0

BVMS 10.1 <= 10.1.1

References

https://psirt.bosch.com/security-advisories/bosch-sa-4640...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.