CVE-2022-32540

Summary

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.

Affected Software

VendorProductVersion RangeStatus
BoschBVMS11.1 <= 11.1.0affected
BoschBVMS11.0 <= 11.0.0affected
BoschBVMS10.1 <= 10.1.1affected
BoschVJD-751310.23.0002affected
BoschVJD-751310.30.0005affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References