CVE-2021-23843

Published Jan 19, 2022

Last updated 3 years ago

CVSS high 7.8

Overview

Description: The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make unauthorized changes to configuration data on the device. An attacker can exploit this vulnerability to manipulate the device\'s configuration or make it unresponsive in the local network. The attacker needs to have access to the local network, typically even the same subnet.
Source: psirt@bosch.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-306
psirt@bosch.com: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bosch:amc2_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3032BCA-136A-470F-BD1D-A05FC5D22782"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:bosch:amc2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B51541D3-C8B6-4C5E-AC77-70A3F3D7D315"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bosch:access_management_system:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C98BA3F6-853A-42EA-B7B9-7163AE2A7E74"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bosch:access_professional_edition:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28B735B8-BBBB-43BD-A06C-3297E44DA485",
            "versionEndIncluding": "3.8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bosch:building_integration_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95FDA5B3-E4CB-4285-B3E3-C54F3394E9B2",
            "versionEndExcluding": "4.9.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References