
Remote Code Execution Vulnerability in Bosch Praesensa and Bosch Praesideo (CVE-2024-25104)

Advisory No: TZCERT/SA/2024/05/17-5

Date of First Release: 17th May 2024

Source: Bosch

Software Affected: Bosch Praesensa Logging Application, Bosch Praesideo Logging Application, and Bosch Praesideo PC Call Station

Overview:

Three Bosch products are affected by a critical vulnerability. Attackers can leverage the vulnerability to execute arbitrary code on the server machine.

Description:

The critical vulnerability, rated 9.8 and tracked as CVE-2024-25104, affects Bosch Praesensa Logging Application, Bosch Praesideo Logging Application, and Bosch Praesideo PC Call Station. The weakness is caused by a security tactic that was missed during the architecture and design phase. Attackers can exploit the vulnerability to remotely execute code on the server machine.

Impact:

Successful exploitation of this vulnerability may allow an attacker to take control of the affected system.

Solution:

Bosch has released security patches for this vulnerability. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://psirt.bosch.com/security-advisories/bosch-sa-106054-bt.html
