Vulnerabilities > Bosch

DATE CVE VULNERABILITY TITLE RISK
2022-10-27 CVE-2022-40183 Cross-site Scripting vulnerability in Bosch Videojet Multi 4000 Firmware
An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface.
network
high complexity
bosch CWE-79
4.7
2022-10-27 CVE-2022-40184 Cross-site Scripting vulnerability in Bosch Videojet Multi 4000 Firmware
Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option.
network
low complexity
bosch CWE-79
4.8
2022-09-30 CVE-2022-32540 Information Exposure vulnerability in Bosch products
Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream.
network
high complexity
bosch CWE-200
5.9
2022-06-23 CVE-2022-32534 Injection vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface.
network
low complexity
bosch CWE-74
critical
10.0
2022-06-23 CVE-2022-32535 Improper Privilege Management vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege.
network
low complexity
bosch CWE-269
critical
10.0
2022-06-23 CVE-2022-32536 Improper Privilege Management vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient.
network
low complexity
bosch CWE-269
critical
9.0
2022-03-30 CVE-2021-23850 Classic Buffer Overflow vulnerability in Bosch products
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash.
network
low complexity
bosch CWE-120
6.5
2022-03-30 CVE-2021-23851 Classic Buffer Overflow vulnerability in Bosch products
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash.
network
low complexity
bosch CWE-120
6.5
2022-01-28 CVE-2021-23863 Cross-site Scripting vulnerability in Bosch Video Security
HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3.
network
bosch CWE-79
4.3
2022-01-19 CVE-2021-23842 Use of Hard-coded Credentials vulnerability in Bosch products
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish.
local
low complexity
bosch CWE-798
3.6