Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

Release Letter

H.264 Firmware for

Products:
CPP4 HD/MP cameras

Version:
7.10.0096

This letter contains latest information about the above mentioned firmware version.

1 General
This firmware release is a bugfix release based on FW 7.10.0095.
It is an upgrade for CPP4 based cameras only.

Firmware release 7.10 is the last feature release for CPP4 cameras.

Changes since last release are marked in blue.

1 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

2 Applicable products:
• AUTODOME IP 4000 HD • Vandal-proof FLEXIDOME HD 720p
• AUTODOME IP 5000 HD • FLEXIDOME IP panoramic 5000
• AUTODOME IP 5000 IR • FLEXIDOME IP indoor 5000 HD
• AUTODOME IP 7000 series • FLEXIDOME IP indoor 5000 MP
• DINION HD 1080p • FLEXIDOME IP indoor 4000 HD
• DINION HD 1080p HDR • FLEXIDOME IP indoor 4000 IR
• DINION HD 720p • FLEXIDOME IP outdoor 4000 HD
• DINION imager 9000 HD • FLEXIDOME IP outdoor 4000 IR
• DINION IP bullet 4000 • FLEXIDOME IP micro 5000 HD
• DINION IP bullet 5000 • FLEXIDOME IP micro 5000 MP
• DINION IP 4000 HD • FLEXIDOME IP outdoor 5000 HD
• DINION IP 5000 HD • FLEXIDOME IP outdoor 5000 MP
• DINION IP 5000 MP • FLEXIDOME IP micro 2000 HD
• DINION IP starlight 7000 HD • FLEXIDOME IP micro 2000 IP
• EXTEGRA IP dynamic 9000 • IP bullet 4000 HD
• EXTEGRA IP starlight 9000 • IP bullet 5000 HD
• FLEXIDOME corner 9000 MP • IP micro 2000
• FLEXIDOME HD 1080p • IP micro 2000 HD
• FLEXIDOME HD 1080p HDR • MIC IP dynamic 7000
• FLEXIDOME HD 720p • MIC IP starlight 7000
• Vandal-proof FLEXIDOME HD 1080p • TINYON IP 2000 family
• Vandal-proof FLEXIDOME HD 1080p HDR

(* first introduced with this release)

2 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

3 Important notes:
3.1 End of Feature – Maintenance mode started
With this release, feature implementation for this platform ends, and the firmware development will
switch over into maintenance mode. The firmware branch for CPP4 is now treated as a long-term
supported firmware (LTSFW), with its code base frozen to allow bug fixing and applying security
fixes where necessary.

3.2 Two-factor authenticated firmware signature

The security of the signature of the firmware file has been strengthened by using a two-factor
authentication process for signing the final released firmware file. This new process has been
prepared for with firmware 6.50 and comes into effect with succeeding versions.

The new signature protects from non-released versions being installed in productive systems. As a
result, pre-release (beta) versions, required sometimes in projects, need to have a special license
installed prior to the firmware update. Requests for pre-release versions need to be handled via tech
support tickets in order to allow tracking and require a concession signed by the customer.

In case a firmware must be downgraded from a device with firmware 6.51 or higher installed, the
downgrade is only possible via firmware 6.50 with an updated signature. Please contact our customer
service or technical support to get a link to this firmware.

3.3 Firmware file encryption

In order to upload version 6.51 to a device running a firmware version below 6.50, you need to
upgrade first to version 6.50, since older firmware versions do not support firmware file decryption.

3.4 “Originally manufactured” certificate

Since firmware version 6.30 all cameras are prepared to receive a unique Bosch certificate during
production, assigned and enrolled by Escrypt LRA. These certificates prove that every device is an
original Bosch-manufactured and untampered unit.
Escrypt is a Bosch-owned company, providing a public certificate authority (CA).
Enrollment of the certificates in production is asynchronous to this firmware release.

3.5 File System Introduction

Due to an internal file system being introduced since firmware 6.1x and architectural changes thereof,
an upgrade to firmware 6.20 and higher is only possible from firmware 6.1x versions or higher.
Cameras with previous firmware versions below 6.1x first need to upgrade to firmware 6.1x.

3 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

3.6 TPM
All CPP4 devices incorporate a Trusted Platform Module (TPM) with own firmware.
This TPM hardware and firmware have been enhanced over time to allow for additional security
features.
Due to security reasons, the firmware or functionality of the TPM cannot be altered in the field.
Thus, not all new security features become available on devices with older TPM hardware or firmware
revisions.

4 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

4 Changes
• An issue is fixed where MSS and MTU settings may have come out of sync. During a write to
the MTU size, the MSS is now checked and, if fragmentation would occur, would implicitly be
adjusted to a value of MTU-40, before the MTU is reduced.

5 System Requirements
• Web Browsers:
o Microsoft Internet Explorer 11 or higher
o Mozilla Firefox
• DirectX 11
• MPEG-ActiveX 6.33 or newer
• Configuration Manager 6.20 or newer

5 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

6 Restrictions; Known Issues

User Interface
• If UAC is set to default in Windows 7, no snapshot or recording via LIVEPAGE is possible.
• Video and audio may be asynchronous during replay via Web page.
• If a VCA configuration using a rule engine is switched to a VCA configuration without using a
rule engine, e.g. MOTION+ or IVA default configuration, the saved configuration is invalid.
Forensic search with this configuration may lead to undesired search results.
• In rare cases it may happen that no recordings can be found on PC with Windows XP SP2
and IE6. Internet Explorer may stay in status ‘connecting on replay page’. An update of
Internet Explorer is recommended.
• In Firefox, no audio is audible on the Audio Settings page.
• Opera mini for mobile devices cannot work in Intranets because it gets all pages through an
opera proxy in the Internet. If there is no Internet connection no content is provided.
• When changing GUI language, the browser cache may have to be deleted and the web
browser be reloaded before the language will be selected correctly.
• Google Chrome requires a plug-in for displaying TIFF images to properly show the reference
image.
• IE10 by default does not allow snapshots or recording from the LIVEPAGE on local hard disk
until one of the following actions is performed:
o - uncheck the box "Enable Protected Mode" in internet options/security
o - add the device’s IP range to "Local intranet" zone
o - add the device’s IP address to the trusted sites
o - start IE as administrator
• If an intranet site is opened, IE10 automatically runs in compatibility mode.
This leads to a misbehaviour that no timeline is shown on the PLAYBACK page.
Therefore the function "Display intranet sites in Compatibility View" must be disabled.
• With HTTPS connection in MS IE and VideoSDK 5.71 installed, swapping between stream 1
and 2 may cause the watermarking icon for stream 2 disappear.
This may happen only for TCP video streams with infinite I-frame distance and B-frames on.
A fix is available since VideoSDK 5.71 MR1.
• Upgrading the firmware to version 6.10 may require clearing the Web browser cache to have
the new user interface style appear.
• Fluent decoding of buffered .mp4 video from camera is strongly dependent on the browser,
Jerky video may occur, e.g. with Mozilla Firefox 52.0, which is not a camera malfunction.
• Shutter time values in preview window might slightly deviate from rounded values selectable
from dropdown menu.
• Privacy masks and other orientation-related parameters must be checked and eventually re-
assigned after rotating a camera.

6 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

• Exchanging the company and device logo might not be possible anymore due to strengthened
web browser security features, although the settings are still possible in the web user
interface.

Encoding
• Only H.264 Main Profile using CABAC is supported. CAVLC is not supported.
• JPEG always has HD 1080p format, although stream 1 could be set to SD (480p).
• Frame rates in low light mode might vary and cause bit rate control to produce higher bit rates
than set as maximum.
• Aspect ratios 16:9 and 4:3 are not combinable. Aspect ratio from stream 1 will lead.
• With GOP structure set to IBP and IBBP the I-frame distance may not exactly correspond with
the set value.
• For stream setting “Dual ROI” the maximum resolution of stream 2 is 288p regardless of a
higher resolution selected in the encoder profile.
• If bit rate is already reaching maximum level due to image content to be encoded, encoder
quality regions with setting “object” cannot be improved for quality anymore and differences
will gradually be reduced.

Security
• When using certificates for mutual authentication, it must be ensured that the camera uses a
solid and trusted time base. In case the time differs too much from the actual time, a client
might be locked out. Then, only a factory default will recover access to the camera.
• Underscore character (“_”) and blank space are not allowed in common name in certificates.
• Excessive signing, e.g. due to very short video authentication signing interval, may have an
impact on TLS connection setup.
• Client authentication is not working using Microsoft Edge as the browser does not send any
certificate for client authentication, so the camera has nothing to authenticate.
• Video authentication using SHA hashing mechanisms are not functional if no self-signed
certificate has been created yet. Opening an HTTPS connection once is prerequisite.
• Cameras with security coprocessor version 3 with an externally applied certificate will fail
HTTPS connections requesting SHA256. The restriction applies to all functions using the
private key from the certificate, including
o EAP-TLS with client authentication
o TLS-Time with client authentication
o TLS-Syslog with client authentication
With self-signed certificate, HTTPS is fully functional.
• Creating 2048 bit keys for self-signed certificates may take more than 20 seconds, extending
the initial boot cycle, which may occasionally cause a timeout on the very first HTTPS
connection to a camera. The next connection attempt typically is successful.

7 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

• If software sealing is active and SNMP is disabled in Network -> Network Services, no SNMP
trap will be sent out on seal break due to the disabled service. The seal break itself is logged.

Network
• QoS values are set according to group Video/Audio/Control for UDP packets, but for TCP
packets, only the QoS value for Video is inserted.
• IP addresses 172.20.1.0/30 which include 172.20.1.0 to 172.20.1.3 are reserved for internal
communication and must not be used as device addresses. Products without internal
communication ignore this restriction and allow the use of this range.

IVA
• IVA and flow need at least 12.5 frames per second video input frame rate. If IVA or Flow are
configured, minimum frame rate of 12.5 must be set in ALC mode.
• There is only one configuration for IVA. When analysis type is changed, e.g. from IVA to IVA
Flow, the former configuration is lost. Due to this, it is not possible to change the analysis type
in a VCA profile switch.
• Due to a limitation of the script language that is used in the background, the delay timer for
event-triggered VCA starts immediately when the configuration is set. A trigger event during
this period does not restart the timer. Once the timer has elapsed, operation is as desired.
• On devices with VCA FPGA an outgoing IPv6 connection fails when device is initiator, e.g.
trying to resolve a time server domain name,
• For 720p cameras, when switched to 1.3MP application mode, IVA does not work. As a result
also iAE does not work, as IVA is needed for that. And therefore also User Mode “Intelligent
AE” does not work optimally (it is using BLC).
• After firmware upgrade to version 6.10 the minimum object size seems being reset when
editing 'motion in field' task. As a proposed workaround check minimum object size and
correct value as applicable.
• “Too dark” alarm is not triggered under normal conditions due to the cameras low-light
capabilities.

MOTION+
• An alarm recording configured to be triggered by MOTION+ with masks may not be
operational after reboot. Saving MOTION+ configuration without any changes recovers from
that. Alternatively masks may not be used with MOTION+.

8 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

Recording
• LUN size for local recording via “Direct iSCSI” is limited to 2 TB.
• VRM version 2.12 or higher is required.
• In some cases formatting errors on external iSCSI drives may occur, which might need
multiple tries to overcome.
• In rare cases it may happen that the owner of an iSCSI LUN is not displayed correctly.
Recording is not affected, just previous owner remains displayed.
• If a device had primary and secondary recording running on SD card and is then added to a
VRM system, the blocks used for primary recording will not be re-used, reducing the available
recording space for the ANR recording. This can be solved by re-formatting the SD card.
• Throughput limit for simultaneous recording and local replay at 100% playback speed is:
o maximum total recording bit rate of 7 Mbps for external iSCSI recording
o maximum total recording bit rate of 10 Mbps for SD card recording, depending on
SD card performance
• SD card recording performance is highly dependent on the speed (class) and performance of
the SD card.
• With I-frame-only recording and audio also enabled for recording, audio will be fragmented or
not audible during replay. Please disable audio recording in case of I-frame-only recording.
• Numbering of the recorded files on the replay page is not always contiguous.
If snippets across block borders belong together, like pre-alarm and alarm recording, the
snippets become logically united and only the lower file number is presented in the list.
• SDXC cards are formatted to FAT32 file system and not using the exFAT file system as being
mandatory for SDXC standard compliance but fully recognized and accessible.
The maximum size of 2TB is also supported with FAT32, once SD cards of that size might
become available.
FAT32 also increases portability to other than Windows platforms.
• If a local media is exchanged, existing former recordings are only discovered after rebooting
the device.
• Physically removing the local storage media while recording causes the device to reboot.
Recording must be stopped before removal.
• Changing audio format while audio is being recorded may cause unknown behaviour of the
device and must be avoided.
• 5MP and larger JPEG streaming via RTSP is only possible with decoders supporting the
ONVIF extensions.
JPEG streaming via RTSP is based on RFC 2435. This RFC only allows for a maximum JPEG
size of 2048 by 2048.
With ONVIF, the original, larger JPEG headers can also be transmitted via RTP header
extensions. Unfortunately, this only works with decoders using these extensions, i.e. it does
not work with a standard VLC.
• After modifying account settings, e.g. FTP server address, to get the changes applied either
switching posting off and on or restarting the device is required.

9 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

• The storage system indicator status must be ignored during formatting of an SD card.
• Forcing the camera into an overload situation may cause undesired behaviour and in worst
cases even recording gaps. It should always be ensured that the CPU load is not consistently
around or at its maximum. This can be achieved by adapting encoder settings or avoiding too
many tasks, e.g. client sessions, in parallel.
• Sporadically occurring incorrect time zone info in recording packets may lead to gaps
displayed in the playback timeline. The video footage within the gap cannot be replayed but
becomes accessible via exporting the affected period. This may happen with firmware 6.32
below built 111.
• Remote recording is not working with actual firmware on devices running FW 5.5x or older
because of the recently added security features, which impact RCP+ communication and
password handling.

Export
• FTP exported files which include audio in a format other than AAC must be renamed from
.mp4 to .m4a to allow correct playback in QuickTime.
• With JPEG Posting active when device is booting, the first posted JPEG image may be a no-
cam logo.
• FTP posting with resolution 1080p delivers JPEG with size of 1920x1072 pixels due to 16
pixel macroblock boundary of the JPEG encoder.
• If FTP export files contain only a few frames some players might not correctly replay such a
file, or the replay is too quick to recognize something. The exported file is not corrupt though it
might seem so.
• Files exported using continuous FTP backup for Rec. 2 where stream 2 is set to I-frames only
mode contain wrong timing information and play back too fast.
• FTP export file size is always 100 MB if resolution change occurred in exported time span.
• Getting the file list from Dropbox may fail if there are too many objects (files and folders).
Limit is approximately higher than 500 objects but also dependent on file name length etc.
• Using “export from memory” with pre-alarm recording exceeding the available memory will
cause continuous recording on the account storage. Checking the memory requirement of the
pre-alarm ring is advised to avoid unexpected memory consumption.

ONVIF conformance
• When using GetPresets command preset names are not set for scene1 to scene6.

DIVAR IP 2000 / 5000

• Due to its improved security features, firmware 6.40 is not fully backward compatible with
DIVAR IP 2000 and DIVAR IP 5000. Upgrading cameras to FW 6.40 without to-be-released
firmware upgrades for DIVAR IP 2000 and DIVAR IP 5000 may cause configuration problems
and possibly stop recording.

10 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

DIVAR hybrid / network

• Cameras running FW 6.40 are only compatible with DIVAR network / hybrid FW 1.2.1 and
higher. With earlier DIVAR network / hybrid firmware versions, the I-frame distance needs to
be adapted to 30 or less.
• Cameras running FW 7.10 are only compatible with DIVAR network / hybrid FW 3.0.0 and
higher. Compatibility with earlier DIVAR network / hybrid firmware can be obtained by re-
enabling basic authentication or by using HTTPS.

Fixed cameras
• In case if there is no image displayed after upgrade to new firmware, please re-power the
camera. Applicable cameras :
o FLEXIDOME IP INDOOR 5000
o FLEXIDOME IP OUTDOOR 5000
o FLEXIDOME IP bullet 5000
o FLEXIDOME IP INDOOR 4000
o FLEXIDOME IP OUTDOOR 4000
o DINION IP 4000 HD
o DINION IP BULLET 4000 HD
o DINION IP 5000 HD
o DINION IP BULLET 5000 HD
o DINION IP 7000 HD
• If analogue video output is switched on, the frame rate of the first stream is limited to 15 fps.
• With analogue output enabled and image rotated, the stream 2 resolution is limited to 720x720
pixels maximum.
• On DINION IP starlight 7000 HD, running stream 1 with 720p60, stream 2 is limited to SD
resolution running at max. 30 fps.
• Due to the feature enrichment, panoramic and 5MP cameras needed some adaptations to free
enough memory to remain functional:
o The maximum JPEG quality for hardware encoding has been slightly reduced from 80
to 75. Software-encoded JPEGs use a quality of 100.
o Maximum I-frame distance remains at 60 fps while other CPP4 cameras have I-frame
distance extended to 255 for full utilization of Intelligent Streaming.
o Camera name stamping rows are limited to 2 instead of 6.

11 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

Dome cameras
• Autopan starts outside of defined range if orientation is set to “Inverted”.
• Tilt up limit is treated as lower tilt limit if orientation is set to “Inverted”.
• For VG5, when Fast Address was changed a reboot is required to activate it.
• In AUTODOMEs, blanked sector may trigger a “too dark” alarm.
• On AUTODOMEs, privacy masking does not cover the complete configured area if privacy
mask is placed too close to the edge of a scene. Move the target position to the center of the
scene before creating a privacy mask.
• If LIVEPAGE is refreshed during recording of Tour A/B on AUTODOMEs the button “Stop
display” will falsely display “Start recording” but still continue tour recording.
• After a firmware upload it may happen that the Privacy Masks and settings from Installer Menu
are set to default. Make sure to check if Privacy Masks and Installer Menu settings are still
valid after uploading new firmware.
• Some online help files describe a tracking icon which is not visible, documentation obsolete.
• For optimal image performance the user is advised not to turn off contrast enhancement
during normal camera operation.
• To improve Recorded (Guard) tour playback accuracy, Bosch recommends users record tours
using the User Interface (UI) instead of using a keyboard. In the event that the Recorded
(Guard) tour loses position accuracy during playback, users should re-home the camera using
the “Find home” button on the Live page.
• Since firmware 5.90 the camera module in AUTODOME 7000 HD receives a different setting
that is persistent over a firmware downgrade as older firmware doesn’t know of this parameter
to revert it.
If it is required to downgrade a RCP CGI command needs to be applied before or after the
downgrade:
http://<ipaddress>/rcp.xml?command=0x09a5&type=P_OCTET&direction=WRITE&protocol=T
CP&payload=0x80000405300381010424560000ff&num=1
• MIC 7000 orientation can be switched between normal and canted.
• When the user changes orientation from normal/canted to inverted (or vice versa), MIC 7000
will tilt itself up and over so that the visor and wiper are on top. If there is an attached
illuminator this would result in the illuminator hitting the MIC's body. To avoid this, MIC 7000
will not allow an orientation change while the illuminator is attached. A warning message with
“Yes/No” selection will be displayed when the user clicks the orientation radio button and the
MIC has an illuminator.
• On AUTODOME 7000 and MIC 7000 “HDR” can be selected in the preposition mapping but
has no effect as it is not supported in these models.
• NTCIP requires to have the SNMP port enabled to become functional. As the SNMP port,
amongst others, has been closed by default if not needed due to security improvements, it
must be re-enabled to allow NTCIP to work.
• Scene/VCA profile may not be correctly restored, causing the Sketch button to be disabled.

12 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

Miscellaneous
• After reboot, the system time re-synchronisation may be delayed up to 9 seconds for SNTP
respectively up to 14 seconds for time server protocol.
• AAC audio timestamps for UDP live video streams as well as for recording streams are based
on 90 kHz instead of 16 kHz to ensure compatibility with Video SDK.
AAC audio timestamps for TCP live video streams are based on the standard 16 kHz
timestamps. Standard players should connect to live video with AAC audio using TCP.
• After changing the selectable camera mode via alarm input the switch back to a previous
mode doesn't work anymore.
• Firmware upload stops recording when it fails or is terminated.
• After downgrade configuration integrity cannot be ensured and settings need to be checked or
re-configured. Sometimes even a factory default might be required, which is anyway
recommended after a firmware downgrade.
• When a configuration file is loaded to an incompatible camera, e.g. a configuration file from a
HD camera loaded onto a VGA camera, encoder settings might become invalid and need to
be re-configured.
• Uploading a configuration file from a different camera platform may result in unpredictable
behaviour.
• If it shall be checked if the image is not frozen, use milliseconds timestamp to verify.
• Intelligent Defog default is OFF under “Low bitrate” scene mode.
• When combining CPU-intensive functions like e.g. encryption, watermarking, or dual
recording, with high quality and high frame rate encoder settings, tuning of encoder profile
settings might be required to avoid overload situations.
• No time change is allowed during the time when the "hour is repeated".
• Maintenance log file creation and download requires some time, though there is no progress
indication, and needs to be waited for completion.
• Millisecond stamping on 60 fps cameras is refreshed with 30 Hz only, updating only every
second frame.
• JPEGs with VCA overlay are not fully synchronized. Shapes might be slightly off.
• Dual-ROI behaviour is changed since 6.50 to ask explicitly for the second exclusive stream.
Therefore, web browsers do not get the second Dual-ROI stream anymore with opening a
second window due to not requesting the exclusive stream. Clients like Video Security Client
or apps are not affected.
• RCP and HTTP commands from ATSL script use HTTP basic authentication. In order to send
commands to an external password protected device, basic authentication needs to be
actively allowed in the receiving device.

Please check the respective release letter of a camera for further device-specific restrictions.

13 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7 Previous Revisions
7.1 Changes with 7.10.0095

• An issue is fixed where auto-focus and auto-iris via NTCIP were not operating correctly on
AUTODOME IP 7000i.
• An issue is fixed where wiper control via NTCIP was not working.
• An issue is fixed where SRTP/RTSPS over port 9554 was not working.

During a penetration test, Kaspersky Lab, who was contracted by Bosch for IP camera security
maturity certification, detected some vulnerabilities which required immediate actions to ensure
the security of installations using our cameras.
For more details refer to our Security Advisory BOSCH-SA-478243-BT, published at our Security
Advisory web page
https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html
or visit our PSIRT website at https://psirt.bosch.com.
• An issue with reflected XSS in URL handler is fixed (CVE-2021-23848).
• An issue with denial of service due to invalid web parameter is fixed (CVE-2021-23852).
• An issue with improper input validation of HTTP header is fixed (CVE-2021-23853).
• An issue with reflected XSS in page parameter is fixed (CVE-2021-23854).

7.2 Changes with 7.10.0076

• An issue is fixed where ONVIF conformance could not be successfully tested.

• An issue is fixed where an outdated VCA calibration tab was displayed.
• A security vulnerability in the RCP+ server is fixed.
• HTTP digest authentication is set as default.

14 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.3 New Features with 7.10.0074

• A dashboard, available under service permissions, provides a compact but extensive view on
parameters that might be especially helpful for troubleshooting.
An export function provides even more details than displayed on the dashboard page.
• Scene mode names in fixed cameras have been adapted to reflect their intended use cases
better and synchronized between fixed and moving cameras. Scene modes settings have
been tuned accordingly to better match their intended applications.
• IP address can now be changed dynamically during runtime, not requiring a reboot cycle
anymore. This allows for quarantine network transition on 802.1x network configurations as
well as for dynamic IP address assignment from DHCP.
• Support of China GB/T 28181 has been updated to comply with 2016 standard.
• AES encryption on RTP connections is now possible, allowing encrypted UDP multicast
connections in a BVMS setup.
• Default value for TLS has been set to version 1.2 to increase security by default.
This may cause incompatibility with older client applications.
• Session cookie has been secured by default, disallowing authentication forwarding to MPEG
ActiveX and other applications, like replay via Video Security Client. Re-authentication is
required for these applications when called out of the web browser despite an already
authenticated browser session.
• An option to export from RAM recording buffer allows recording exports on the fly without
requiring an SD card or external iSCSI storage.
• A separate hostname setting is introduced. For backward compatibility, the hostname setting
is still pre-filled from entries in the camera and unit name fields but can then be configured
independently.
• Multicast connections for audio streams are now supported.
• An auto back-focus command is introduced to initiate an auto back-focus adjustment cycle
without the need for entering the Lens Wizard.
• The alarm rule output options on MIC are enhanced by AUX 68 “White Light ON”.

15 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.4 Changes with 7.10.0074

• An issue is fixed where too small pre-alarm recording buffers caused sporadic error
messages.
• An issue is fixed where sporadically a wrong Ethernet link mode was detected.
• An issue is fixed where empty connections could be established using an obsolete URL.
• An issue is fixed where sequence numbers in metadata RTP streams were wrong after VCA
was reconfigured.
• An issue is fixed where no folder could be added to a Dropbox account.
• An issue is fixed where device could not be registered in Remote Portal anymore.
• iSCSI MSS setting has been removed.

7.5 Changes with 6.61.0025

• An issue is fixed where the pan polarity from positioning via ONVIF was reversed.
• An issue is fixed where VCA counters were reset when VCA editing was started.
• An issue with a broken certificate chain in the “originally Bosch manufactured” certificate used
for HTTPS by default has been fixed. Corrupt certificates will be repaired.

16 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.6 New Features with 6.60.0065

Security
• Manual and automatic logout functionality added to the web browser interface:
o A “Logout” button is available in the blue navigation bar between “Links” and help
icon.
o A timeout in minutes for the browser session can be defined via the Web Interface ->
‘Live’ functions menu.
• Enhancements for Alarm Task Scripting:
o A seal break event can be used to trigger alarm task scripts.
o An SD card lifespan alarm can be used to trigger alarm task scripts.
• Enhancements for SNMP:
o A seal break event can trigger an SNMP trap.
o An SD card lifespan alarm can trigger an SNMP trap.
o An event from the Embedded Login Firewall can trigger an SNMP trap.
Moving cameras
• A “snap to area” function is added to allow selection of a new image area that the camera
zooms to. The rectangle to define the area can be drawn over the video by holding “CTRL”.
• Inactivity period selection for moving cameras is extended up to 24 hours.
ONVIF
• Signalling of ‘idle object’ is added to the ONVIF metadata stream.
Miscellaneous
• Genetec Stratocast cloud is supported.
• IGMPv3 enhancements to support source-specific multicast (SSM) scenarios.

VCA
• An object that triggered an alarm is marked accordingly and displayed in orange color for a
short period to allow easier visual detection.
For details on enhancements and changes in Intelligent Video Analytics and Essential Video
Analytics, please refer to the separate release notes.

17 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.7 Changes with 6.60.0065

• An issue in a multipathing scenario, where during start-up 802.1x EAP/TLS caused iSCSI
recording to use the alternative path, is fixed.
• An issue where the ONVIF metadata stream occasionally stopped is fixed.
• Remote recording on CPP-ENC devices is fixed but requires CPP-ENC devices to run
FW 5.97.13 or higher because of the recently added security features, which impact RCP+
communication and password handling.
• The default use of 1024 bit RSA keys for self-signed certificate generation is limited to
cameras with older hardware that would require time-extensive 2048 bit key generation in
software. On all cameras with hardware acceleration a minimum length of 2048 bit is used for
RSA keys by default. Certificates with 2048 bit keys can be used on all cameras.

7.8 Changes with 6.51.0028

• This version includes a fix for a recently discovered security vulnerability CVE-2018-19036.
The vulnerability potentially allows the unauthorized execution of code on the device via the
network interface. Bosch rates this vulnerability at 9.4 (Critical) and recommends customers to
upgrade devices with updated firmware versions.
For detailed information please refer to the published Security Advisory
BOSCH‑2018‑1202‑BT.

7.9 Changes with 6.51.0026

• Password reset mechanism changed

o Clearing passwords of all three legacy users was changed to only reset/change the
password for the user 'service' to 'service', while passwords of all other users including
'live' and 'user' as well as other ‘service’ users stay unchanged.
o The user can then logon to the camera using user 'service' with password 'service'. He
should then change the password for the service user again.
• Audio function issue fixed when using Video Security app along with AUTODOME IP 7000
series

18 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.10 New Features with 6.50.0128

• Intelligent Streaming enhancements

o Statistics pages have been added for live and recording streams. These provide
guidance for optimally adjust bitrate and quality settings, and make judgement on
averaging easier in order to optimize storage consumption.
o Intelligent Streaming configuration parameters in encoder profiles are now grouped.
• Highly reliable SD card recording with life cycle monitoring
Industrial SD cards which provide wear level data can be monitored for their health and
expected lifetime, providing much more reliable SD card recording.
Three vendors have been tested and qualified:
o Sony
o SanDisk
o Micron
Due to the high dynamic in the SD card market, no direct reference to the models is given.
Latest Industrial SD cards from all three vendors support this feature.
• ONVIF Profile T is now supported
• Current gain value is visualized in video preview window.
• The ID out of the best face detection is attached to the JPEG filename when posted via FTP
and also added to the metadata stream to allow searching.
• SNI support has been added to improve load-balancing for cloud-based solutions.

Security features
• Software Sealing
The camera configuration can be ‘sealed’ once it should not be changed anymore. Any
change of the sealing status and any change to static configuration, accidentally or intentional,
will break the seal, creating an alarm message that can be used by the video management
system to launch an appropriate alarm scenario.
All modifications affecting the sealing status are logged separately.
• Firmware files are now encrypted.
• Files received via HTTP upload are checked for correct size.
• "Secure renegotiation" is signalled in TLS.
• In case of certificate user authentication, the clock base is re-adjusted, e.g. after battery loss.

19 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.11 Changes with 6.44.0020

• Cipher suites were enhanced by TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256.

• An issue with simultaneous multicast streams, introduced with FW 6.43, has been fixed.
• An issue with ONVIF SetImageSettings, where incorrect settings could be applied when an
unsupported namespace was used, has been fixed.
• An issue with ONVIF IVA messages suspended, when more than one IVA rule was
configured, has been fixed.
• An issue with VCA calibration lost after image rotation has been fixed.
• An issue with EAP-TLS certificates with CRL extension, intermittently prohibiting
authentication, has been fixed.
• An issue with panoramic cameras, where pre-positions could not be set in the web interface
when in on-board dewarping mode, has been fixed.
• Various smaller issues have been fixed.

7.12 New Features with 6.43.0027

• ITS versions of AUTODOME and MIC cameras can be enabled to allow NTCIP protocol over
serial interface.
• A possibility to increase the Power-over-Ethernet (PoE) demand signalled via LLDP has been
added. This may help to optimize the power management on switches and e.g. also eases to
use the cameras in outdoor housings with PoE-powered heating systems.
• IGMP version can now be set to a specific version. Automatic detection is still default.

7.13 Changes with 6.43.0027

• Improvements on Multipathing support for storage devices.

• Various smaller issues have been fixed.

20 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.14 Changes with 6.42.0021

• Stronger user name and password policy is enforced. The following rules apply:
o User names must be at least five (5) characters long.
o User name and password must not be identical.
o A password must consist of minimum eight (8) characters.
o A password must contain both upper-case and lower-case letters.
o A password must include one or more numerical digits.
o A password must include at least one of these special characters:
!?"#$%(){}[]*+-=.,;^_|~\
Other special characters (like space @ : < > ' & etc.) are not supported.
• Multicast discovery port is now configurable via browser interface.
• An issue where sporadically no video was shown after power cycle has been fixed.
• An issue where Automatic Network Replenishment ANR failed when SD card is broken has
been fixed.
• Improved behavioural response on denial of service attacks.
• Various ONVIF communication issues have been fixed.
• Various smaller issues have been fixed.

7.15 Changes with FW 6.41.0037

• MIC 7000 only: Robustness enhancement for the position feedback logic.
This enhancement makes sure that various problems that could occur when specific
operations were used in combination with specific command inputs are fixed.
This enhancement applies to the following operations: Absolute Position, Privacy Masks,
Auto-pivot, Saving Prepositions, Sector Titles, Azimuth/Elevation, and Compass.
• AUTODOME IP 7000 series and MIC IP 7000 series noise reduction improved for low-light
conditions.
• Various smaller issues have been fixed.

21 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.16 New Features with FW 6.40.0240

Intelligent Streaming
• Intelligent Streaming is a combination of features and functions to optimize bitrate
consumption of recorded video. It benefits from improved noise reduction in still areas of the
image, an average noise level communicated to the encoder, larger GOP size, strong use of
prediction in case of B slices, and dynamic tuning of quantization parameters (QP) in the
encoder.
• The strength of the bitrate optimization can be set via 5 levels. Savings can be up to 80% but
are strongly scene-dependent.
• Intelligent Streaming is disabled by default. Some scene settings and noise conditions may
cause the bitrate to rise when enabled, so conditions need to be checked to ensure bitrate
savings.

Security
• Password enforcement
o New cameras with this firmware installed will only become operable after the password
for the administration level (user “service”) has been assigned.
o Other users “user” and “live” will only become accessible after the administrator assigned
passwords to them.
o Cameras which are updated to this firmware from a version lower than 6.40 will not
change their behaviour and remain at their former protection level unless reset to factory
defaults.
• Signed firmware file enforcement
Only Bosch-signed firmware will be accepted by the camera without compromises.
A downgrade to a non-signed firmware is not possible anymore.
• Data encryption on iSCSI storages
o The payload on an iSCSI drive is encrypted using a symmetric XTS encryption scheme
(block encryption).
o The camera uses a number of public keys to asymmetrically encrypt the XTS key for
multiple receivers. These public keys are maintained in the certificate store via
certificates. Usage can be defined as for „recording1“ and/or „recording2“.
o Payload encryption is possible on SD cards as well as on external iSCSI storage.
o A client that shall be allowed to replay this footage must have its cert/key registered and
activated.
o The Video Recording Manager (VRM) may also be a receiver to decrypt the payload data
for replay.
• SRTP payload encryption for live and replay
SRTP provides payload encryption of UDP streams via TLS, similar to what HTTPS does by
using TLS for TCP streams. Also encrypted multicast connections are possible.
• SNMPv3 support

22 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

o New alternative SNMP support provides encryption and authentication. This new service
will provide pure MIB-II access.
o Legacy functions, like NTCIP support or mapping of dedicated RCP commands to SNMP
Enterprise MIB nodes, are only provided with existing SNMPv1 implementation.
• Certificate revocation list (CRL) support
• To improve usability and provide a more compact overview, the web user interface for the
certificate store has been updated. It now allows direct tagging of certificates for usages. The
former split into two areas (Files and Usage) is removed.
• Stronger encryption and password protection for configuration file
o The configuration file is encrypted and password-protected before download.
o The user as the owner of this configuration file is prompted for the password.
o The password is required when the configuration file is uploaded to a camera.
o The configuration file is encrypted using standard mechanisms but not intended to be
opened or modified by the user, thus the encryption key itself is kept internal and not
exposed.
• Stronger encryption for maintenance log file
The maintenance log file as being used in tech support cases is encrypted with a Bosch public
key. Only tech support staff is authorized to decrypt and open the file.
• The minimum TLS version can be defined, e.g. to avoid vulnerabilities from TLS 1.0 and 1.1.
• The Telnet console has been completely removed and is substituted by a new logging facility
providing:
o A more structured output including timestamp, severity and module sources
o Search and filtering for specific events via web user interface
o Direct output to a syslog server
o Configuration to produce similar “debug” printouts for tech support as previously
• Consolidation of running services, visualized on new page “Network Services”.
Only those services (HTTP, HTTPS, RTSP, RCP, iSCSI, NTP, discovery, ONVIF discovery)
are running which are required for activated functionality. All other services (FTP, SNMP,
UPnP, GB/T 28181) and their respective ports are deactivated.
• The password unlock functionality (support recovery option) can be disabled.
• CHAVE cameras
o Multiple trusted issuers are now allowed for client certificate authentication.
o An option to not wipe the SXI certificate when a factory default is issued has been added.

Imaging
• Improved noise filtering in still scenes.

23 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

VCA
For details on VCA 6.40 please refer to the separate release notes of Essential Video Analytics or
Intelligent Video Analytics.

ONVIF
• ONVIF manual iris and focus controls added.
• Feature coverage of the ONVIF metadata stream has been extended to include e.g. object
classes, object shape polygons, faces, flame and smoke detection info.
• Profile G support
o Recording start and control has been added.
o Recording search and replay functionality has been added.
o Tested with ONVIF Device Test Tool 16.07 SR2 rev. 617.

Miscellaneous
• SMTP port is now configurable via web interface.
• Multipathing support for storage devices.
• User name from certificate for EAP-TLS is used as EAP identity, if provided.
• Dynamically colored privacy masks, depending on surrounding video added. This can be used
to not distract the operator due to intense color, e.g. white privacy mask in night scene.
• Cameras can connect to the CBS Remote Portal installer service.
• New illuminators for MIC 7000 are supported.
• An event playback button has been added to the Live page to allow a quick playback of the
last event in case there was an incident and the camera was connected remotely to check
what happened instead of checking live and then go to the playback page.
• Default device date is set to firmware build time in case of invalid RTC time to avoid lock-out in
case of certificate-based authentication.
• Dropbox API has been updated. The API used before was going obsolete on June 28th, 2017.

7.17 Changes with FW 6.40.0240

• Compass indicator moved towards center to appear also in 4:3 resolutions.

• Installation Code has been enhanced with a block for crypto-coprocessor version indicators.
The length of the Installation Code has been extended to 48 digits instead of only 44 digits.
• Improved certificate parser to support more attributes used e.g. by various mail providers.

24 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.18 New Features with FW 6.32.0111

Imaging
• Lens settings Near Focus Limits for day and night have been added.
• Sectors in dome cameras can be more flexible set to 4, 8, 12 or 16 (default).

Security
• Strengthened password policy:
o New passwords must now be a minimum of 8 characters including special characters.
o Passwords are continuously demanded; message cannot be hidden anymore.
• For full support of HSTS, an option “HSTS plus HTTP redirection” has been added.
• Fallback to TLS 1.0 can be disabled.

VCA
• JPEG with VCA overlay is now also available in full screen view.
For details on VCA 6.30 please refer to the release notes of Essential Video Analytics or Intelligent
Video Analytics.

Miscellaneous
• Improved user interface for 802.1x settings. Interface shows an EAP-MD5 password field and
lists the EAP-TLS certificates with a link to the certificate store.
• Security coprocessor (TPM) version is listed in system overview.
• Aux and preposition widgets on Live page can be completely disabled in Web appearance
settings.
• New capability “cluster group” has been introduced. MIC integrators can get the audio back
channel capability on VIDEOJET connect 7000 from this cluster group.

AUTODOME 7000
• Mosaic privacy masks are supported in AUTODOME IP 7000 series.

25 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.19 Changes with FW 6.32.0111

• Limited frame rate stream capability names are presenting the frame rate as “skip” value,
which is used as divisor in relation to the base frame rate.
A value “skip 5” results e.g. in 12 fps if base frame rate is set to 60 fps, or in 5 fps if base
frame rate is set to 25 fps.
• In preparation for ONVIF Profile Q support, planned for next major firmware release, the
default setting for Automatic IPv4 address assignment has changed from “On” to “On plus
Link-Local”, a setting that had already been in the option list before.
Though this might seem a small change, it may have an impact:
The former default IP address 192.168.0.1 will virtually become obsolete.
Instead, the camera will assign itself an auto-IP address out of the range 169.254.1.0 to
169.254.254.255 as long as there is no other IP address assigned by a DHCP server.
(https://en.wikipedia.org/wiki/Link-local_address)
The advantage is that there are no more duplicate IP addresses, which is considered
prohibited in a network.
• VCA overlays are drawn after scaling to improve visibility.
• An issue has been fixed where the maintenance log could not be downloaded.
• An issue has been fixed where the wrong SD card recording status was displayed.
• A security leak, which allowed to extract critical data from the device, has been fixed.
• A problem with incorrect time zone info in recording packets causing gaps in timeline has
been fixed.

26 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.20 New Features with FW 6.30.0140

Imaging
• A 1.3 MP application variant is now selectable for DINION IP bullet 4000 cameras.

Security
• The user management has been extended to allow free assignment of usernames.
Each user can be assigned a user group representing live, user, or service level.
• New user management system allows to dynamically create a user for whom the password
can be treated as token. Also timeout before user account expires is possible.
• Token-based authentication implemented to allow user management based on communication
with Microsoft Active Directory Federation Services.
• Secure FTP connection (FTP over TLS) is implemented.
• ICMP redirect messages are not accepted anymore by default. Acceptance can be re-enabled
via RCP+ command, if needed.
• Video authentication is now also possible on RTSP streaming. It can be enabled with CGI
parameter ‘auth=1’ which requests picture info packets (payload type 97).

Recording
• Recording to iSCSI now supports LUN size up to 64 TB.
• A PTZ preposition can be stored in a recording profile, allowing to record only a ‘region of
interest’ (ROI) of the full image.

ONVIF
• ONVIF encoder profile settings can be verified via http://<ipaddress>/onvif_encoder_profiles.
• Manual focus and iris control is now supported via ONVIF command.
• Tamper detection alarms are now forwarded to and included in ONVIF event services.

27 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

VCA
• Web page layout has been improved for better usability and larger video for configuration.
• Video analytics now fully support 16 tasks in RCP+ and IVA Task Script Language.
• JPEGs can now include VCA overlays in Live page, alarm e-mails and JPEG Posting.
For JPEG snapshot a new query parameter ‘VCAOverlay’ can be added to the URL, e.g.
http://<ipaddress>/snap.jpg?VCAOverlay=1.
• Video can now be paused during VCA configuration.
• Reference image is now stored as JPEG instead of TIFF for broader compatibility.
• Tamper detection “too bright / too dark” was no more functional due to too high dynamic on
our cameras.
To solve this issue, sliders for the brightness level have been added for manual adjustment.
For details on VCA please refer to the release notes of Essential Video Analytics or Intelligent
Video Analytics.

Miscellaneous
• HTML5 video tag is used to display a continuous MP4 video file from the camera on browsers
not supporting NPAPI plug-ins (MPEG-ActiveX) like Firefox, Chrome and MS Edge.
• A “Links” section in the main navigation (blue top bar) has been added, leading to a
DownloadStore page providing latest tools, apps and supportive software.
• Unicode characters are now also possible on all configuration strings.
• Time server IP address can be accepted to be overwritten by DHCP.
• Display of preposition widget on Live page can be configured.
• MIC washer has been added to preset mapping functions.

7.21 Changes with FW 6.30.0140

• “Image too noisy” is removed as it never occurs due to the high dynamic of image processing.
• Downscaled images 4CIF/CIF are now encoded as PAL resolution (704x576 resp. 352x288)
when camera is set to 25/50 fps base frame rate.
• Fixed a potential recording issue which could cause recording to stop due to insufficient
storage error handling under rare error conditions, like e.g. massive irregular network
connection interrupts to storage system.
• Fixed an issue in ONVIF signaling of SD resolution.

28 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.22 Changes with 6.22.0007

• Support of new camera modules in AUTODOME 7000 and MIC 7000, providing improved
noise reduction.
• A high-resolution/limited-frame-rate capability has been introduced for stream 2 on various
cameras.

7.23 Changes with 6.22.0007

• Writing to ONVIF MaxFrameRate is now possible to improve compatibility with clients not
using encoding interval. Written values are presented in same format when read.

7.24 Changes with 6.21.0008

• An issue with increased noise and thereof increased bit rate from AUTODOME and MIC
cameras has been fixed.
• Auto Focus accurateness on DINION IP bullet 4000 and DINION IP bullet 5000 has been
improved.
• An issue with fragmented EAP-TLS transfer has been fixed, allowing support for Microsoft
Windows NPS and RADIUS.
• An issue with ONVIF Analytics Service has been fixed.
• GUI translations and some embedded help files have been updated.
• An issue with analogue output flickering on DINION IP starlight 7000 and FLEXIDOME IP
starlight 7000 in 1.3 MP mode has been fixed.
• Wrong wording on time protocol settings has been fixed.

29 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.25 New Features with 6.20.0089

Cameras
• Support for DINION IP bullet 4000 and DINION IP bullet 5000.
• Dome and AUX functions can be mapped to presets.
• MIC-7000 audio back-channel support towards VJC-7000 audio output on LIVE page.

Security
• Support of TLS 1.2 with updated cypher suites including AES 256 encryption.
• Device access security has been improved by:
o Implementation of signed time synchronization
o Signature-protected password unlock procedure
o Telnet over HTML5 web sockets in browser, using secure TLS connection
o Throttling of wrong password entries
o Urging user towards setting a device password, strength meter provided
• Firmware, which is signed with a private certificate, is authenticated before transfer to Flash to
ensure a secure firmware upload.
• Certificate handling has been enhanced by:
o Auto-generation of self-signed certificates for SSL
o User-defined creation of self-signed certificates
o Possible upload of certificates with encrypted private keys
o Improved recorded video authentication without PKI required
o Storage and retrieval of certificate in recording for verifying signed video
• Web GUI security has been improved to prevent Cross-Site-Scripting in Browser.
• Use of secure connections can be advertised via support of HSTS.

30 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.26 Changes with 6.20.0089

• 56-bit encryption disabled for secure connections to increase minimum security level.
• Telnet service (system console) is now disabled by default.
• DHCP option 12 has been changed to send ‘Renew’ message including the camera name as
hostname.

7.27 New Features with 6.11.0021

• Adding improved AF speed for AVF cameras.

7.28 Changes with 6.11.0021

• Adding small improvements and error corrections.

• ONVIF analytics capabilities have been corrected for dome cameras.
• Replay not working in BVC and BVMS clients for negative time zones has been fixed.

31 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

7.29 New Features with 6.10.0129

New Graphical User Interface

• Light and friendly Web browser interface following the Bosch Security Systems style guide for
software interfaces.
• Usability improvements due to clearer structure and elements.
• Live preview during configuration wherever possible due to space.
• Tours re-arranged onto single page and scheduler for preset tour and alarm rules added for
moving cameras.
• Encoder quality regions can be configured on moving cameras’ preset positions with up to 8
regions.
• Video export format can be preselected from Bosch format including metadata and generic
MP4 format on LIVE page.

Imaging Enhancements
• Digital Zoom mode added to lens settings page.
• Setting migration keeps all the previous imaging settings after camera upgraded to new
firmware. Please note: This is only applicable after firmware 6.10.

Security Enhancements
• Certificate Store for management and assignment of client and server side certificates.
• Preparation for Public Key Infrastructure (PKI), enabled via special license, has been added.
• 56-Bit DES cipher suite is disabled for TLS connection.

IVA Enhancements
• Object classification of object types “upright person”,” bike”, “car”, “truck” replaces head
detection.
• Geolocation allows setting a camera’s global coordinates. The position of the tracked objects
in the respective coordinate system is added to metadata. Camera viewers can show the
tracked objects on a map.
• Usability improvements allow for easier calibration and easier drawing of elements and masks.
• MOTION+ configuration has been reworked. Eight MOTION+ alarm fields with up to 16 nodes
can now be set. Areas can be removed from processing via VCA masks, which will then
suppress metadata generation in these areas.
Note: For details and complete overview refer to release notes of IVA 6.10.

32 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany
Security Systems

From Nuremberg

BT-VS/MKP1 Product Management 13.04.2022

ONVIF Enhancements
• IVA events can be received via ONVIF messages.
• Overlay metadata can be received in ONVIF XML format.
• AUX commands can be sent via ONVIF messages.
• Special functions like IR Correction, Visible White Light and Anti-Fog for MIC 7000 can be
sent via ONVIF messages.
• Intelligent Tracking for AUTODOME and MIC can be enabled via ONVIF messages.
• Conformance was tested using recent ONVIF test tool 14.12.

Miscellaneous
• Missing time zones added for Caracas, Newfoundland, Kathmandu, Yangon, Samoa and
Kiritimati Island.
• 3rd party protocol support can be enabled via special license, showing specific menu when
license is installed.
• Internal storage can be disabled and hidden via special license for certain LATAM countries.
This license can only be cleared via technical service and support.
• An additional area in the flash memory, holding a file system to store specific files or data, has
been implemented. This area can hold such like the enhanced Chinese character table or the
FPGA image for IVA cameras running in 5:4 setup, certificates or configuration data.
With FW 6.10 necessary files can be installed by uploading a supplementary firmware file.
For successive firmware versions the sections will be recombined.
• Besides normal POE+ power signalling, with a special license installed the available power
can be signalled proprietarily. Signalled power can be configured manually when license is
installed.
• A customer logo up to 128x128 pixels with a depth of 256 colors can be uploaded as BMP file
to be displayed in the camera name block. Options for placement are left, right or logo only.

7.30 Changes with 6.10.0129

• IPv6 operational improvements, e.g. netmask extended to 64 bit.

• Reference image is deleted when device is set to factory default.
• Improved robustness of encoding DSP.
• Fix for JPEG resolution handling on AUTODOME IP 7000.
• Fix for recording status while pre-alarm recording in RAM.

33 of 33

BOSCH and the symbol are registered trademarks of Robert Bosch GmbH, Germany