CVE-2021-23843
📋 TL;DR
This vulnerability allows attackers on the local network to bypass password protection on Bosch AMC2 device configuration tools, enabling unauthorized configuration changes. It affects organizations using Bosch AccessIPConfig.exe and AmcIpConfig.exe software to manage AMC2 devices. Attackers can manipulate device settings or disrupt network operations.
💻 Affected Systems
- Bosch AccessIPConfig.exe
- Bosch AmcIpConfig.exe
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attacker takes full control of AMC2 devices, reconfigures them maliciously, or renders them unresponsive, causing operational disruption and potential safety issues in industrial environments.
Likely Case
Unauthorized configuration changes leading to device malfunction, network disruption, or loss of configuration integrity in affected systems.
If Mitigated
Limited impact with proper network segmentation and access controls preventing local network attackers from reaching vulnerable devices.
🎯 Exploit Status
Exploitation requires local network access but no authentication; attack vector is straightforward once on the network.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.01.04
Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html
Restart Required: No
Instructions:
1. Download updated software version 1.01.04 from Bosch. 2. Install the update on systems running AccessIPConfig.exe or AmcIpConfig.exe. 3. Verify the update by checking the software version.
🔧 Temporary Workarounds
Network Segmentation
allIsolate AMC2 devices and configuration systems on separate VLANs with strict access controls.
Restrict Configuration Access
allLimit physical and network access to devices running configuration tools to authorized personnel only.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate AMC2 devices from untrusted networks
- Monitor network traffic to/from AMC2 devices for unauthorized configuration attempts
🔍 How to Verify
Check if Vulnerable:
Check the version of AccessIPConfig.exe or AmcIpConfig.exe; if below 1.01.04, the system is vulnerable.Check Version:
Right-click on AccessIPConfig.exe or AmcIpConfig.exe → Properties → Details tab → File versionVerify Fix Applied:
Verify the software version shows 1.01.04 or higher after update installation.📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to configuration tools
- Unexpected configuration changes on AMC2 devices
Network Indicators:
- Unusual network traffic to AMC2 devices from unauthorized IPs
- Configuration protocol traffic outside normal patterns
SIEM Query:
source_ip NOT IN (authorized_ips) AND dest_port IN (amc2_ports) AND protocol = 'configuration_protocol'