Incomplete Documentation of Program Execution

CVE-2023-29241

High

8.1/10

Summary

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1112 - Incomplete Documentation of Program Execution

The document does not fully define all mechanisms that are used to control or influence how product-specific programs are executed.

References

Advisory Timeline

Published Jun 30, 2023

Incomplete Documentation of Program Execution

CVE-2023-29241

Summary

CWE-1112 - Incomplete Documentation of Program Execution

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS