Full Report
Kaspersky ICS CERT discovered a Denial of Service of the device through GET HTTP request to the web server of camera.
Analysis Summary
# Vulnerability: Robert Bosch GmbH CPP HD/MP Cameras Denial of Service
## CVE Details
- **CVE ID:** CVE-2021-23852
- **CVSS Score:** 4.9 (Medium) — *Note: While the source text mentions 0.0, the provided vector `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H` calculates to 4.9.*
- **CWE:** CWE-400 (Uncontrolled Resource Consumption)
## Affected Systems
- **Products:** Bosch CPP HD/MP Cameras (CPP4, CPP6, CPP7, CPP7.3, CPP13) and AVIOTEC cameras.
- **Versions:**
- **CPP4:** All versions before 7.10.0095
- **CPP6:** All versions 7.60, 7.61, and 7.62 before 7.62.0005; 7.70; 7.80 before 7.80.0129
- **AVIOTEC:** All versions 7.61, 7.70, and 7.72 before 7.72.0013
- **CPP7:** All versions 7.60, 7.61, 7.70, 7.72; 7.62 before 7.62.0005; 7.80 before 7.80.0129
- **CPP7.3:** All versions 7.60, 7.61, 7.70, 7.72; 7.62 before 7.62.0004; 7.80 before 7.80.0129
- **CPP13:** All versions 7.75 before 7.75.0008
- **Configurations:** Web server enabled on ports 80/TCP or 443/TCP.
## Vulnerability Description
A vulnerability in the web server of several Bosch camera families allows an authenticated attacker to cause a Denial of Service (DoS). By sending a specially crafted HTTP GET request to the camera's web interface, the device fails to properly manage resource consumption, leading to a hang or crash of the service.
## Exploitation
- **Status:** PoC described; vulnerability reported and confirmed.
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
- **Privileges Required:** High (Account with "service" privileges required).
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (The camera becomes unresponsive or reboots).
## Remediation
### Patches
Users should update to the following firmware versions (or newer):
- **CPP4:** FW 7.10.0095
- **CPP6 / CPP7:** FW 7.62.0005 or 7.80.0129
- **CPP7.3:** FW 7.62.0004 or 7.80.0129
- **AVIOTEC:** FW 7.72.0013
- **CPP13:** FW 7.75.0008
### Workarounds
- **Firewalling:** Restrict access to ports 80 and 443 from untrusted networks.
- **IP Filtering:** Use the camera's built-in whitelist feature to allow only trusted IP addresses.
- **Management Tools:** Use Bosch Configuration Manager instead of the web interface to minimize exposure.
- **Session Hygiene:** Always log out and close the browser completely after finishing a session to prevent session-related exploits.
## Detection
- **Indicators of Compromise:** Unexplained device reboots or loss of video feed/web interface accessibility.
- **Detection Methods:** Monitor network traffic for unusual or malformed GET requests directed at camera management IPs, especially from unauthorized administrative sources.
## References
- **Vendor Advisory:** Robert Bosch GmbH Security Advisory (Published 09 June 2021)
- **NVD:** [https://nvd.nist.gov/vuln/detail/CVE-2021-23852](https://nvd.nist.gov/vuln/detail/CVE-2021-23852)
- **Kaspersky ICS CERT:** [https://ics-cert.kaspersky[.]com/advisories/2021/07/02/klcert-21-032-robert-bosch-gmbh-cpp-hd-mp-cameras-denial-of-service-via-get-http-request/](https://ics-cert.kaspersky.com/advisories/2021/07/02/klcert-21-032-robert-bosch-gmbh-cpp-hd-mp-cameras-denial-of-service-via-get-http-request/)