7.4

CVE-2022-32540

EPSS 0.14%
Veröffentlicht 30.09.2022 17:15:12
Zuletzt bearbeitet 21.11.2024 07:06:35
Quelle psirt@bosch.com
CVE-Watchlists
Login
Unerledigt
Login

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bosch ≫ Bosch Video Management System Version >= 10.1 <= 10.1.1

Bosch ≫ Bosch Video Management System Version >= 11.1 <= 11.1.0

Bosch ≫ Bosch Video Management System Version11.0

Bosch ≫ Videojet Decoder 7513 Firmware Version10.23.0002

Bosch ≫ Videojet Decoder 7513 Version-

Bosch ≫ Videojet Decoder 7513 Firmware Version10.30.0005

Bosch ≫ Videojet Decoder 7513 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.345

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@bosch.com	7.4	2.2	5.2	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://psirt.bosch.com/security-advisories/bosch-sa-464066.html

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-32540

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-32540

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-32540

EUVD