Improper Access Control in Bosch B420 Control Panel
CVE-2022-47648

7.6HIGH

Key Information:

Vendor: Bosch
Status: B420
Vendor: CVE Published:; 8 February 2023

What is CVE-2022-47648?

An improper access control vulnerability exists in the Bosch B420 control panel, which allows attackers to bypass authorization requirements. This issue arises from outdated IP-based authorization mechanisms. If an authenticated user has previously accessed the B420, an insider attacker can exploit this vulnerability to gain unauthorized access to the control panel, even without valid credentials. Notably, the B420 module was declared obsolete, with an end of life announced in 2013, highlighting the importance of replacing deprecated systems to enhance security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

B420 All Versions

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-3412...

vendor-advisory

https://pastebin.com/raw/0CGTpiEn

https://drive.google.com/drive/folders/16jvVFyp9RlHvXvq7q...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2023
Vulnerability Reserved
Dec 21, 2022

JSON

Bosch