Philip Kazmeier

**Name of the Vulnerable Software and Affected Versions** ProSyst mBS SDK versions prior to 8.2.6 Bosch IoT Gateway Software versions prior to 9.2.0 **Description** A directory traversal issue exists in the remote access to backup and restore functionality, allowing remote attackers to write or delete files at any location. **Recommendations** For ProSyst mBS SDK versions prior to 8.2.6, update to version 8.2.6 or later to resolve the issue. For Bosch IoT Gateway Software versions prior to 9.2.0, update to version 9.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ProSyst mBS SDK versions prior to 8.2.6 Bosch IoT Gateway Software versions prior to 9.2.0 **Description** The issue allows remote attackers to gather information about the file system structure due to the leakage of stack traces in remote access to backup and restore functionality. **Recommendations** For ProSyst mBS SDK versions prior to 8.2.6, update to version 8.2.6 or later to resolve the issue. For Bosch IoT Gateway Software versions prior to 9.2.0, update to version 9.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ProSyst mBS SDK versions prior to 8.2.6 Bosch IoT Gateway Software versions prior to 9.0.2 **Description** A HTTP Traversal Attack allows remote attackers to read files outside the http root. **Recommendations** For ProSyst mBS SDK versions prior to 8.2.6, update to version 8.2.6 or later. For Bosch IoT Gateway Software versions prior to 9.0.2, update to version 9.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** ProSyst mBS SDK versions prior to 8.2.6 Bosch IoT Gateway Software versions prior to 9.3.0 **Description** A Server-Side Request Forgery (SSRF) issue in the backup and restore functionality allows a remote attacker to forge GET requests to arbitrary URLs. This could potentially enable an attacker to read sensitive zip files from the local server. **Recommendations** For ProSyst mBS SDK versions prior to 8.2.6, update to version 8.2.6 or later to resolve the issue. For Bosch IoT Gateway Software versions prior to 9.3.0, update to version 9.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bosch Smart Home Controller versions prior to 9.8.905 **Description** A potential improper access control issue exists in the JSON-RPC interface that may allow reading or modification of the configuration or triggering and restoring backups. To exploit this, an adversary must first successfully pair an app or service, which requires user interaction. **Recommendations** For versions prior to 9.8.905, update to version 9.8.905 or later to resolve the issue. As a temporary workaround, consider restricting access to the JSON-RPC interface until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Bosch Smart Home Controller (SHC) versions prior to 9.8.905 **Description** A potential incorrect privilege assignment issue exists in the app permission update API, which may allow a restricted app to obtain default app permissions. To exploit this, an adversary must first successfully pair an app with restricted permissions, requiring user interaction. **Recommendations** For versions prior to 9.8.905, update to version 9.8.905 or later to resolve the issue. As a temporary workaround, consider restricting app pairing to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bosch Smart Home Controller versions prior to 9.8.905 **Description** A potential improper access control issue exists in the backup mechanism of the Bosch Smart Home Controller. This issue may allow unauthorized download of a backup. To exploit this, an adversary must download the backup directly after a legitimate user has triggered a backup. **Recommendations** For versions prior to 9.8.905, update to version 9.8.905 or later to resolve the issue. As a temporary workaround, consider restricting access to the backup mechanism to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bosch Smart Home Controller versions prior to 9.8.905 **Description** A potential improper access control issue exists in the JSON-RPC interface that may result in a denial of service of the controller and connected devices. To exploit this, an adversary must first successfully pair an app or service, which requires user interaction. **Recommendations** For versions prior to 9.8.905, update to version 9.8.905 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bosch Smart Home Controller versions prior to 9.8.907 **Description** A potential incorrect privilege assignment issue exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller. This issue may result in a restricted app obtaining default app permissions. To exploit this issue, an adversary needs to have successfully paired an app, which requires user interaction. **Recommendations** For versions prior to 9.8.907, update to version 9.8.907 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bosch Smart Home Controller versions prior to 9.8.905 **Description** A potential incorrect privilege assignment issue exists in the app pairing mechanism, which may result in elevated privileges. To exploit this, an adversary needs physical access to the device during the attack. **Recommendations** For versions prior to 9.8.905, update to version 9.8.905 or later to resolve the issue.