PT-2019-18378 · Bosch · Bosch Video Management System+7

Published 2019-05-29 · Updated 2023-01-31 · CVE-2019-6958

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bosch Video Management System (BVMS) versions 9.0 and below
DIVAR IP versions 2000 through 7000
Configuration Manager (affected versions not specified)
Building Integration System (BIS) with Video Engine (affected versions not specified)
Access Professional Edition (APE) (affected versions not specified)
Access Easy Controller (AEC) (affected versions not specified)
Bosch Video Client (BVC) (affected versions not specified)
Video SDK (VSDK) (affected versions not specified)

Description

The issue is an improper access control flaw that allows access without authentication through the RCP+ network port. A potential attacker can use it to delete video or read video data.

Recommendations

For Bosch Video Management System (BVMS) versions 9.0 and below, add an authentication feature to the respective library to fix the issue.
For DIVAR IP versions 2000 through 7000, add an authentication feature to the respective library to fix the issue.
For Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC), and Video SDK (VSDK), add an authentication feature to the respective library to fix the issue, as the specific affected versions are not specified.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2019-6958

Affected Products

Access Easy Controller
Access Professional Edition
Bosch Video Client
Bosch Video Management System
Building Integration System
Configuration Manager
DIVAR IP
Video SDK