Firmware Bug in Bosch AMC2-4WCF and AMC2-2WCF Products
CVE-2023-32228

4.6MEDIUM

Key Information:

Vendor: Bosch
Status: Ams; Bis
Vendor: CVE Published:; 11 April 2024

What is CVE-2023-32228?

A firmware bug exists in Bosch's AMC2-4WCF and AMC2-2WCF products, which may result in the misinterpretation of user data. This flaw can potentially allow unauthorized access, enabling an adversary to bypass security measures and gain access as the last authorized user. Organizations utilizing these products should assess their security posture and implement appropriate measures to address this vulnerability.

Affected Version(s)

AMS 0 <= 5.0

BIS 0 <= 4.9.2

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-3910...

vendor-advisory

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2024
Vulnerability Reserved
May 4, 2023

CVE-2023-32228 Data

JSON