Vulnerability Details : CVE-2021-23843
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certain settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make unauthorized changes to configuration data on the device. An attacker can exploit this vulnerability to manipulate the device's configuration or make it unresponsive in the local network. The attacker needs to have access to the local network, typically even the same subnet.
Products affected by CVE-2021-23843
- cpe:2.3:a:bosch:building_integration_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:bosch:access_professional_edition:*:*:*:*:*:*:*:*
- cpe:2.3:o:bosch:amc2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:bosch:access_management_system:3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-23843
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 10%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-23843
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | Robert Bosch GmbH | |
CWE ids for CVE-2021-23843
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
  Assigned by:
  - nvd@nist.gov (Primary)
  - psirt@bosch.com (Secondary)
References for CVE-2021-23843
- https://psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html
  Multiple vulnerabilities in Bosch AMC2 (Access Modular Controller) | Bosch PSIRT (Mitigation; Vendor Advisory)