{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T17:47:21.500","vulnerabilities":[{"cve":{"id":"CVE-2021-23842","sourceIdentifier":"psirt@bosch.com","published":"2022-01-19T21:15:08.137","lastModified":"2024-11-21T05:51:55.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet."},{"lang":"es","value":"La comunicación con el AMC2 usa un algoritmo criptográfico de última generación para el cifrado simétrico llamado Blowfish. Un atacante podría recuperar la clave del firmware para descifrar el tráfico de red entre el AMC2 y el sistema anfitrión. Así, un atacante puede explotar esta vulnerabilidad para descifrar y modificar el tráfico de red, descifrar e investigar el archivo de firmware del dispositivo y cambiar la configuración del mismo. El atacante necesita tener acceso a la red local, normalmente incluso a la misma subred"}],"metrics":{"cvssMetricV31":[{"source":"psirt@bosch.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","baseScore":3.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@bosch.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bosch:amc2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A3032BCA-136A-470F-BD1D-A05FC5D22782"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bosch:amc2:-:*:*:*:*:*:*:*","matchCriteriaId":"B51541D3-C8B6-4C5E-AC77-70A3F3D7D315"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bosch:access_management_system:3.0:*:*:*:*:*:*:*","matchCriteriaId":"C98BA3F6-853A-42EA-B7B9-7163AE2A7E74"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bosch:access_professional_edition:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.0","matchCriteriaId":"28B735B8-BBBB-43BD-A06C-3297E44DA485"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bosch:building_integration_system:*:*:*:*:*:*:*:*","versionEndExcluding":"4.9.1","matchCriteriaId":"95FDA5B3-E4CB-4285-B3E3-C54F3394E9B2"}]}]}],"references":[{"url":"https://psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html","source":"psirt@bosch.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}