Bosch VMS Patch for BVMS-11.1.1.65: 413813, 405734, 393949, 393486 - Security Issue, OC crash, OC max clients reached, SSH connection bandwidth
-----------------------------------------------------------------------------------------------------------------------------------------------

Patch ID: 413813, 405734, 393949, 393486
Patch Title: Security Issue, OC max clients reached, SSH connection bandwidth
Patch Target Version: BVMS-11.1.1.65


Patch Details:
----------------

This patch fixes issue 413813 by preventing the Operator Client to crash when logging in with an enterprise user.

This patch fixes issue 405734, preventing security issues.
CVE identification number:
CVE-2023-28175

This patch fixes issue 393949 by improving the behaviour of Operator Client during forced activations.
This patch fixes issue 393486 by improving the SSH connection and adding logging for download speed of the elements file.


Problem Details:
----------------

Issue 413813 caused the problem that logging in with an enterprise user leads to an Operator Client crash.
Issue 405734 caused a security problem via a vulnerability.
Issue 393949 caused the problem that after some forced activations the Operator Client shows "max clients reached" although not too many clients are connected.
Issue 393486 improves SSH connection bandwidth by latency in network.


Affected Bosch VMS Components / Machines:
-----------------------------------------

- Bosch VMS Management Server
- Bosch VMS Operator Client
- Bosch VMS Cameo SDK


Uninstallation of the Patch:
----------------------------
Logon as a User with 'Administrator rights' or as the 'Administrator' itself
Open 'Control Panel'  'Programs'  'Programs and Features'  'View installed updates'
Select the Patch in the list and press 'Uninstall'

or

Start cmd.exe with 'RunAs Administrator'
Run the following command
msiexec.exe /I {ABE97F4F-8AC2-FADB-EE7C-2512330CA006} MSIPATCHREMOVE={FC9A6C34-32DE-49DA-8CAF-56E95E5F2892} /qb


List of Replaced Files:
-----------------------

- AppData\Server\CentralServer\ServerDependenciesInjection.xml

- Bosch.Vms.Backend.Shared.SshServerConfig.dll [Version 11.1.1.110]
- Bosch.Vms.Client.OpClient.ClientScripts.Imp.dll [Version 11.1.1.110]
- Bosch.Vms.Frontend.OpClient.Communication.dll [Version 11.1.1.110]
- Bosch.Vms.Frontend.OpClient.Remoting.dll [Version 11.1.1.110]
- Bosch.Vms.Frontend.OpClient.ServerManagement.dll [Version 11.1.1.110]
- Bosch.Vms.Frontend.OpClient.Wcf.dll [Version 11.1.1.110]
- Bosch.Vms.Service.Server.Modules.SshServerConfigProvider.dll [Version 11.1.1.110]
- Bosch.Vms.Shared.Communication.WcfClient.dll [Version 11.1.1.110]
- Bosch.Vms.Shared.WebServices.Contracts.Support.dll [Version 11.1.1.110]

- BvmsSshServer.exe [Version 11.1.1.110]
- BvmsSshServer.exe.config

- Rebex.Common.dll [Version 6.0.8334.0]
- Rebex.FileServer.dll [Version 6.0.8334.0]
- Rebex.Networking.dll [Version 6.0.8334.0]
- Rebex.SshShell.dll [Version 6.0.8334.0]
- Rebex.Terminal.dll [Version 6.0.8334.0]
