CVE-2023-35867

MEDIUM

Bosch Building Integration System Video Engine - Denial of Service

Title source: rule

Description

Improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.

Scores

CVSS v3 5.9
EPSS 0.0008
EPSS Percentile 24.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-703
Status published
Products (14)
bosch/_onvif_camera_event_driver_tool < 2.0.0.8
bosch/bosch_video_management_system < 12.0
bosch/building_integration_system_video_engine < 5.0.1
bosch/configuration_manager < 7.62
bosch/divar_ip_7000_r2_firmware < 12.0
bosch/divar_ip_all-in-one_4000_firmware < 12.0
bosch/divar_ip_all-in-one_5000_firmware < 12.0
bosch/divar_ip_all-in-one_6000_firmware < 12.0
bosch/divar_ip_all-in-one_7000_firmware < 12.0
bosch/divar_ip_all-in-one_7000_r3_firmware < 12.0
... and 4 more
Published Dec 18, 2023
Tracked Since Feb 18, 2026