CVE-2020-6774
📋 TL;DR
This vulnerability lets a local, unauthenticated attacker escape Kiosk Mode in Bosch Recording Station and reach the underlying Windows desktop and operating system. It affects organizations that run Bosch Recording Station in kiosk mode where an attacker can get physical access to the workstation's console (keyboard, mouse, or touch input). Once outside the kiosk, the attacker operates with the privileges of the account that runs the kiosk session and can launch arbitrary programs, read recorded video and configuration data, or take over the host.
💻 Affected Systems
- Bosch Recording Station (builds prior to 7.9.2.25, with Kiosk Mode enabled)
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the recording station: the attacker installs malware, copies or deletes recorded footage and configuration, pivots to other systems reachable from the host, or disrupts recording.
Likely Case
Interactive access to the operating system in the context of the account that runs the kiosk session, giving the attacker the local files, configuration data, and network resources that account can reach. Whether this amounts to administrative control depends on how privileged that account is in the deployment.
If Mitigated
Limited impact if the kiosk session runs under a low-privilege account, the host is segmented from critical network resources, and process-creation monitoring on the kiosk is in place to catch the escape quickly.
🎯 Exploit Status
The escape requires hands-on access to the kiosk console but no credentials, so anyone who can physically reach the device can attempt it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.9.2.25 and later
Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-363824-BT.html
Restart Required: Yes
Instructions:
1. Download Bosch Recording Station version 7.9.2.25 or later from official Bosch sources.
2. Back up the current configuration.
3. Install the update following Bosch's installation procedures.
4. Restart the system.
5. Verify that the installed version is 7.9.2.25 or later (see How to Verify below).
🔧 Temporary Workarounds
Disable Kiosk Mode
Platform: Windows
Temporarily disable the Kiosk Mode functionality until the update can be installed. Keep in mind that Kiosk Mode is the very control being bypassed: turning it off removes the restriction outright, so this only makes sense where the console is already physically restricted and the Windows account running Bosch Recording Station is a low-privilege account locked down by other means.
Physical Security Controls
Platform: All
Implement strict physical access controls so that unauthorized personnel cannot reach the device's console.
🧯 If You Can't Patch
- Implement strict physical security controls to prevent unauthorized access to the device's console
- Run the kiosk session under a low-privilege local account so that an escape does not yield administrative rights on the host
- Apply network segmentation to isolate affected systems from critical network resources
🔍 How to Verify
Check if Vulnerable:
Check Bosch Recording Station version in the application interface or Windows Programs and Features. If version is below 7.9.2.25 and Kiosk Mode is enabled, the system is vulnerable.
Check Version:
Check application version through Bosch Recording Station GUI or Windows Control Panel > Programs and Features
Verify Fix Applied:
Verify the installed version is 7.9.2.25 or later in the application interface or Windows Programs and Features.
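The version comparison above is easy to get wrong when scripted: a plain string compare puts "7.10.0.1" below "7.9.2.25". The following is an added example (not Bosch tooling) that does the comparison numerically and, on Windows, tries to read the installed version from the Programs and Features registry keys. The fixed version comes from the advisory section above; the assumption that the uninstall entry's DisplayName contains "Recording Station" is mine, and the kiosk-mode flag is passed in by hand because the page does not document where it is stored.

```python
"""Version check for CVE-2020-6774 (added example, not Bosch tooling).

FIXED_VERSION is taken from the page's fix section. The registry
DisplayName match ("Recording Station") is an assumption; the kiosk-mode
flag is supplied by the caller.
"""
import sys
from typing import Optional, Tuple

FIXED_VERSION = "7.9.2.25"   # from the official fix section above


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.9.2.25' into (7, 9, 2, 25) so comparisons are numeric.

    Comparing tuples of ints avoids the string-compare bug where
    '7.10.0.1' sorts below '7.9.2.25' because '1' < '9'.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if installed >= fixed. Shorter tuples are zero-padded, so
    '7.9.2' is treated as '7.9.2.0' (i.e. still below the fix)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def assess(installed: str, kiosk_mode_enabled: bool) -> str:
    """Classify a host as the How to Verify section describes: vulnerable
    only when the build is below the fix AND Kiosk Mode is enabled."""
    if is_patched(installed):
        return "patched"
    if kiosk_mode_enabled:
        return "vulnerable"
    return "unpatched-but-kiosk-disabled"


def installed_brs_version() -> Optional[str]:
    """Best-effort lookup of DisplayVersion from the Windows Uninstall keys
    (assumption: DisplayName contains 'Recording Station').
    Returns None when not on Windows or when no entry matches."""
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows

    roots = [
        (winreg.HKEY_LOCAL_MACHINE,
         r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_LOCAL_MACHINE,
         r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ]
    for hive, path in roots:
        try:
            with winreg.OpenKey(hive, path) as key:
                for i in range(winreg.QueryInfoKey(key)[0]):
                    sub = winreg.EnumKey(key, i)
                    with winreg.OpenKey(key, sub) as app:
                        try:
                            name = winreg.QueryValueEx(app, "DisplayName")[0]
                        except FileNotFoundError:
                            continue
                        if "recording station" in str(name).lower():
                            return str(winreg.QueryValueEx(app, "DisplayVersion")[0])
        except FileNotFoundError:
            continue
    return None


if __name__ == "__main__":
    # Fall back to a version string given on the command line (e.g. copied
    # from Programs and Features) when not running on the kiosk itself.
    ver = installed_brs_version() or (sys.argv[1] if len(sys.argv) > 1 else None)
    if ver is None:
        print("usage: python check_brs.py <version-from-programs-and-features>")
    else:
        print(ver, "->", assess(ver, kiosk_mode_enabled=True))
```

Run it on the kiosk host to read the registry directly, or on any machine with the version string as an argument. The script assumes Kiosk Mode is enabled when run without further information, which is the conservative choice for a kiosk deployment.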
📡 Detection & Monitoring
Log Indicators:
- Unexpected crashes or restarts of the Bosch Recording Station process
- Process creation (Windows Security event 4688 or Sysmon event 1) for cmd.exe, powershell.exe, explorer.exe, or other interactive tools under the kiosk account
- Changes to Kiosk Mode settings
- New interactive logons or user sessions on the kiosk host outside maintenance windows (authentication failures are not a useful signal here, since the escape needs no credentials)
Network Indicators:
- Unusual outbound connections from the recording station
- Unexpected network scans originating from the device
SIEM Query (field names are placeholders to map onto your log source; the event_type value is illustrative, so unless your source actually emits such an event, the process-name clause scoped to the kiosk account is the clause that does the work):
source="bosch-recording-station" AND (event_type="kiosk_mode_bypass" OR process_name="cmd.exe" OR process_name="powershell.exe" OR process_name="explorer.exe")
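To show what the process-name clause of that query looks like as real detection logic, here is an added example (not Bosch's code and not a SIEM's own rule) that parses a few constructed Sysmon-style process-creation records and flags the two patterns a kiosk escape produces: an interactive tool started under the kiosk account, and a child process spawned by the Bosch Recording Station binary. The kiosk account name (BRS-KIOSK\kioskuser), the binary name (BRS.exe), the tool list and the sample events are all assumptions made for illustration.

```python
"""Kiosk-escape detection over process-creation events (added example,
not Bosch's code). Account name, binary name, tool list and the sample
records below are constructed assumptions for illustration."""
import re
from typing import Dict, Iterable, List, Tuple

KIOSK_USER = r"BRS-KIOSK\kioskuser"   # assumed kiosk logon account
BRS_EXE = "brs.exe"                   # assumed Bosch Recording Station binary name

# Interactive tools that a locked-down kiosk account should never launch.
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe", "explorer.exe",
                "regedit.exe", "mmc.exe", "taskmgr.exe", "control.exe"}

# Constructed Sysmon Event ID 1 records flattened to key=value lines.
SAMPLE_EVENTS = r"""
EventID=1 UtcTime=2024-01-10T08:00:01 User=BRS-KIOSK\kioskuser Image=C:\Program Files\Bosch\Recording Station\BRS.exe ParentImage=C:\Windows\System32\userinit.exe
EventID=1 UtcTime=2024-01-10T08:03:44 User=BRS-KIOSK\kioskuser Image=C:\Windows\System32\cmd.exe ParentImage=C:\Program Files\Bosch\Recording Station\BRS.exe
EventID=1 UtcTime=2024-01-10T08:05:12 User=CORP\admin Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ParentImage=C:\Windows\explorer.exe
EventID=1 UtcTime=2024-01-10T08:06:30 User=BRS-KIOSK\kioskuser Image=C:\Windows\System32\notepad.exe ParentImage=C:\Program Files\Bosch\Recording Station\BRS.exe
"""

# Lazy value match that stops at the next " key=" token, so paths with
# spaces ("Program Files") survive the split.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value record into a dict."""
    return dict(KV_RE.findall(line.strip()))


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (tolerates forward slashes)."""
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]


def classify(ev: Dict[str, str]) -> List[str]:
    """Return the reasons this event looks like a kiosk escape (empty = benign)."""
    reasons: List[str] = []
    if ev.get("EventID") != "1":
        return reasons
    if ev.get("User", "").lower() != KIOSK_USER.lower():
        return reasons  # other accounts are outside this rule's scope
    image, parent = basename(ev.get("Image", "")), basename(ev.get("ParentImage", ""))
    if image in SHELL_IMAGES:
        reasons.append(f"interactive tool {image} started under the kiosk account")
    if parent == BRS_EXE and image != BRS_EXE:
        # Any child of the kiosk application is suspicious; tune with an
        # allowlist of helper binaries the application legitimately spawns.
        reasons.append(f"{image} spawned directly by {BRS_EXE}")
    return reasons


def scan(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Run classify() over records and return (timestamp, reasons) for hits."""
    hits: List[Tuple[str, List[str]]] = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        reasons = classify(ev)
        if reasons:
            hits.append((ev.get("UtcTime", "?"), reasons))
    return hits


if __name__ == "__main__":
    for when, why in scan(SAMPLE_EVENTS.splitlines()):
        print(when, "|", "; ".join(why))
```

On the constructed sample the admin's PowerShell session is ignored (wrong account), the normal BRS.exe start is benign, and the cmd.exe and notepad.exe launches under the kiosk account are flagged. In production, feed it exported 4688/Sysmon events and expect to add an allowlist for whatever helper processes the application spawns on its own.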