{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-33618", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2024-06-17T09:19:04.535Z", "datePublished": "2026-04-15T09:51:52.722Z", "dateUpdated": "2026-04-15T13:09:13.468Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2026-04-15T09:51:52.722Z"}, "descriptions": [{"lang": "en", "value": "Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 \r\nallows attackers to consume excessive amounts of disk space via network interface."}], "affected": [{"vendor": "Bosch", "product": "BVMS", "versions": [{"version": "6.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "BVMS Viewer", "versions": [{"version": "8.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "Bosch DIVAR IP all-in-one 7000 R3", "versions": [{"version": "10.1", "status": "affected", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "Bosch DIVAR IP 7000 R2", "versions": [{"version": "9.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "Bosch DIVAR IP all-in-one 5000", "versions": [{"version": "9.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "Bosch DIVAR IP all-in-one 7000", "versions": [{"version": "6.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "DIVAR IP all-in-one 4000", "versions": [{"version": "11.1.1", "status": "affected", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "DIVAR IP all-in-one 6000", "versions": [{"version": "11.1.1", "status": "affected", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-400 Uncontrolled Resource Consumption", "cweId": "CWE-400"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T13:09:08.201665Z", "id": "CVE-2024-33618", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T13:09:13.468Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33618", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T13:09:08.201665Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T13:09:10.441Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Bosch", "product": "BVMS", "versions": [{"status": "affected", "version": "6.0", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "BVMS Viewer", "versions": [{"status": "affected", "version": "8.0", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "Bosch DIVAR IP all-in-one 7000 R3", "versions": [{"status": "affected", "version": "10.1", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "Bosch DIVAR IP 7000 R2", "versions": [{"status": "affected", "version": "9.0", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "Bosch DIVAR IP all-in-one 5000", "versions": [{"status": "affected", "version": "9.0", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "Bosch DIVAR IP all-in-one 7000", "versions": [{"status": "affected", "version": "6.0", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "DIVAR IP all-in-one 4000", "versions": [{"status": "affected", "version": "11.1.1", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}, {"vendor": "Bosch", "product": "DIVAR IP all-in-one 6000", "versions": [{"status": "affected", "version": "11.1.1", "versionType": "custom", "lessThanOrEqual": "12.0.1"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 \r\nallows attackers to consume excessive amounts of disk space via network interface."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2026-04-15T09:51:52.722Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33618", "state": "PUBLISHED", "dateUpdated": "2026-04-15T13:09:13.468Z", "dateReserved": "2024-06-17T09:19:04.535Z", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "datePublished": "2026-04-15T09:51:52.722Z", "assignerShortName": "bosch"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 \r\nallows attackers to consume excessive amounts of disk space via network interface."}], "id": "CVE-2024-33618", "lastModified": "2026-04-15T10:16:37.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2026-04-15T10:16:37.120", "references": [{"source": "psirt@bosch.com", "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-162032-BT.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "psirt@bosch.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.0,12.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "BVMS", "source": "cna", "vendor": "Bosch"}, "product": "bvms", "vendor": "bosch"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[8.0,12.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "BVMS Viewer", "source": "cna", "vendor": "Bosch"}, "product": "bvms_viewer", "vendor": "bosch"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.0,12.0.1]"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": "Bosch DIVAR IP 7000 R2", "source": "cna", "vendor": "Bosch"}, "product": "divar_ip_7000_r2", "vendor": "bosch"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[11.1.1,12.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DIVAR IP all-in-one 4000", "source": "cna", "vendor": "Bosch"}, "product": "divar_ip_all-in-one_4000", "vendor": "bosch"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.0,12.0.1]"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 91.0, "source": "matching"}]}, "original": {"product": "Bosch DIVAR IP all-in-one 5000", "source": "cna", "vendor": "Bosch"}, "product": "divar_ip_all-in-one_5000", "vendor": "bosch"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[11.1.1,12.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DIVAR IP all-in-one 6000", "source": "cna", "vendor": "Bosch"}, "product": "divar_ip_all-in-one_6000", "vendor": "bosch"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.0,12.0.1]"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 91.0, "source": "matching"}]}, "original": {"product": "Bosch DIVAR IP all-in-one 7000", "source": "cna", "vendor": "Bosch"}, "product": "divar_ip_all-in-one_7000", "vendor": "bosch"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[10.1,12.0.1]"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "Bosch DIVAR IP all-in-one 7000 R3", "source": "cna", "vendor": "Bosch"}, "product": "divar_ip_all-in-one_7000_r3", "vendor": "bosch"}], "analysis": {"en": {"generated_at": "2026-04-15T11:27:17.630446+00:00", "value": {"mitigation_remediation": ["Apply the latest Bosch VMS update that addresses the disk\u2011space consumption flaw, preferably version 12.0.2 or newer.", "If applying a patch is delayed, block or restrict traffic to the VMS Central Server from untrusted networks and limit write permissions on the disk volume used by the VMS.", "Configure disk\u2011space monitoring and alerts, and enforce quotas to prevent the VMS process from consuming all available storage."], "summary": {"action": "Immediate Patch", "impact": "Resource Exhaustion"}, "threat_synthesis": {"affected_systems": "Vendor Bosch has affected products including Bosch BVMS, Bosch BVMS Viewer, Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all\u2011in\u2011one 5000, Bosch DIVAR IP all\u2011in\u2011one 7000, Bosch DIVAR IP all\u2011in\u2011one 7000 R3, DIVAR IP all\u2011in\u2011one 4000 and DIVAR IP all\u2011in\u2011one 6000 running Bosch VMS 12.0.1. The vulnerability resides in the Central Server component of VMS 12.0.1.", "description_and_impact": "An uncontrolled resource consumption flaw in the Bosch VMS Central Server allows an attacker to drain disk space by sending malicious input over the network. This can lead to a denial\u2011of\u2011service condition where the system runs out of storage, potentially causing service interruptions, data loss, or cascading failures of dependent applications. The weakness is a classic CWE\u2011400 \"Uncontrolled Resource Consumption\" scenario, which affects confidentiality, integrity, and availability if not mitigated.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity, and although EPSS data is not available, the lack of a KEV listing suggests no widely known exploitation yet. The likely attack vector is remote over the network, where an attacker can send crafted traffic that consumes disk space. Successful exploitation would require network access to the affected server and could be achieved without authentication if the service is exposed."}}}}, "created": "2026-04-15T13:49:14.856891+00:00", "title": "Uncontrolled Resource Consumption via Disk Usage in Bosch VMS Central Server", "updated": "2026-04-15T14:53:05.582640+00:00", "vendors": ["bosch", "bosch$PRODUCT$bvms", "bosch$PRODUCT$bvms_viewer", "bosch$PRODUCT$divar_ip_7000_r2", "bosch$PRODUCT$divar_ip_all-in-one_4000", "bosch$PRODUCT$divar_ip_all-in-one_5000", "bosch$PRODUCT$divar_ip_all-in-one_6000", "bosch$PRODUCT$divar_ip_all-in-one_7000", "bosch$PRODUCT$divar_ip_all-in-one_7000_r3"]}