Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

AMS

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2023-32228
Assigner-Robert Bosch GmbH
ShareView Details
Assigner-Robert Bosch GmbH
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 22.40%
||
7 Day CHG~0.00%
Published-11 Apr, 2024 | 09:05
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-AMSBIS
CWE ID-CWE-115
Misinterpretation of Input
CVE-2021-23843
Assigner-Robert Bosch GmbH
ShareView Details
Assigner-Robert Bosch GmbH
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 20:38
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of authentication mechanisms on the device

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make unauthorized changes to configuration data on the device. An attacker can exploit this vulnerability to manipulate the device\'s configuration or make it unresponsive in the local network. The attacker needs to have access to the local network, typically even the same subnet.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-access_management_systemaccess_professional_editionamc2_firmwarebuilding_integration_systemamc2BISAMSAPEAMC2
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-23842
Assigner-Robert Bosch GmbH
ShareView Details
Assigner-Robert Bosch GmbH
CVSS Score-5.7||MEDIUM
EPSS-0.03% / 5.90%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 20:38
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Hard-coded Cryptographic Key

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-access_management_systemaccess_professional_editionamc2_firmwarebuilding_integration_systemamc2BISAMSAPEAMC2
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials