Vulnerabilities > Bosch

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-6781 Improper Certificate Validation vulnerability in Bosch Smart Home
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows an attacker to intercept video contents by performing a man-in-the-middle attack.
network
bosch CWE-295
5.8
2020-05-27 CVE-2020-6774 Exposure of Resource to Wrong Sphere vulnerability in Bosch Recording Station Firmware
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
local
low complexity
bosch CWE-668
7.2
2020-02-07 CVE-2020-6770 Deserialization of Untrusted Data vulnerability in Bosch products
Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system.
network
low complexity
bosch CWE-502
critical
10.0
2020-02-07 CVE-2020-6768 Path Traversal vulnerability in Bosch products
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server.
network
low complexity
bosch CWE-22
5.0
2020-02-07 CVE-2020-6769 Missing Authentication for Critical Function vulnerability in Bosch products
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway.
network
low complexity
bosch CWE-306
6.4
2020-02-06 CVE-2020-6767 Path Traversal vulnerability in Bosch products
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server.
network
low complexity
bosch CWE-22
4.0
2019-09-12 CVE-2019-11899 Information Exposure vulnerability in Bosch Access 2.1/3.3/3.7
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting the Windows SMB protocol on a client installation.
network
low complexity
bosch CWE-200
4.0
2019-09-12 CVE-2019-11898 Use of Hard-Coded Credentials vulnerability in Bosch Access 2.1/3.3/3.7
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools.
network
low complexity
bosch CWE-798
6.5
2019-08-21 CVE-2019-11603 Path Traversal vulnerability in Bosch IoT Gateway Software and ProSyst mBS SDK
An HTTP traversal attack in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the HTTP root.
network
low complexity
bosch CWE-22
5.0
2019-08-21 CVE-2019-11602 Information Exposure Through an Error Message vulnerability in Bosch IoT Gateway Software and ProSyst mBS SDK
Leakage of stack traces in remote access to backup & restore in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.
network
low complexity
bosch CWE-209
5.0