Improper Data Handling in Bosch Building Integration System
CVE-2023-29241

8.1HIGH

Key Information:

Vendor: Bosch
Status: Bis
Vendor: CVE Published:; 30 June 2023

What is CVE-2023-29241?

The Bosch Building Integration System (BIS) 5.0 contains a vulnerability that results from improper information handling in its Cybersecurity Guidebook. This flaw may lead to incorrect system configurations, allowing local users to gain unauthorized access to sensitive data over the network. It is essential for users and administrators of this system to assess their configurations and implement recommended security practices to mitigate potential risks.

Affected Version(s)

BIS 5.0

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-9884...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2023
Vulnerability Reserved
Jun 1, 2023

CVE-2023-29241 Data

JSON