Vulnerabilities > Bosch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-08 | CVE-2022-47648 | Incorrect Authorization vulnerability in Bosch B420 Firmware 02.02.0001 An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. | 8.8 |
| 2022-10-27 | CVE-2022-40183 | Cross-site Scripting vulnerability in Bosch Videojet Multi 4000 Firmware An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. | 4.7 |
| 2022-10-27 | CVE-2022-40184 | Cross-site Scripting vulnerability in Bosch Videojet Multi 4000 Firmware Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. | 4.8 |
| 2022-09-30 | CVE-2022-32540 | Information Exposure vulnerability in Bosch products Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. | 5.9 |
| 2022-06-23 | CVE-2022-32534 | Injection vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05 The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. | 10.0 |
| 2022-06-23 | CVE-2022-32535 | Improper Privilege Management vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05 The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. | 10.0 |
| 2022-06-23 | CVE-2022-32536 | Improper Privilege Management vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05 The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. | 9.0 |
| 2022-03-30 | CVE-2021-23850 | Classic Buffer Overflow vulnerability in Bosch products A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. | 6.5 |
| 2022-03-30 | CVE-2021-23851 | Classic Buffer Overflow vulnerability in Bosch products A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. | 6.5 |
| 2022-01-28 | CVE-2021-23863 | Cross-site Scripting vulnerability in Bosch Video Security HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. | 4.3 |