Summaryinfo

A vulnerability was found in Bosch B420 02.02.0001. It has been rated as critical. This vulnerability affects unknown code. This manipulation causes improper authentication. This vulnerability is registered as CVE-2022-47648. The attack requires access to the local network. No exploit is available. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability classified as critical was found in Bosch B420 02.02.0001. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a improper authentication vulnerability. The CWE definition for the vulnerability is CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user.

The weakness was published 02/09/2023. The advisory is shared at drive.google.com. This vulnerability is known as CVE-2022-47648 since 12/21/2022. Neither technical details nor an exploit are publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2022-50407). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• Bosch

Name

• B420

Version

• 02.02.0001

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion