A vulnerability, which was classified as critical, was found in Bosch Smart Home System App up to 9.17.0 on iOS (iOS App Software).
A home that thinks for itself. Intelligent connected devices that make your home safer and life easier – that’s Bosch Smart Home.
Our products allow your home to automatically control regular processes within your home. Installation and operation with the Smart Home App couldn’t be simpler – even when you are away from home.
This means fewer daily chores for you and more time to enjoy life. We help you start living smartly with personal advice and comprehensive services.
You can use all functions of our products all the time at no additional cost. Enjoy more convenience and the good feeling that everything is under control at home.
The issue affects unknown processing in the component Certificate Validation Handler. Manipulation with an unknown input leads to a weak authentication vulnerability (man-in-the-middle). CWE classifies the issue as CWE-295 (Improper Certificate Validation).
The vulnerability has an impact on confidentiality, integrity, and availability.
The weakness was disclosed on 09/16/2020. The advisory is available at psirt.bosch.com.
This vulnerability has been uniquely identified as CVE-2020-6781 since 01/10/2020. Exploitation is said to be difficult. The attack can be initiated remotely, and no form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available.
Upgrading to version 9.17.1 eliminates this vulnerability.