Vulnerabilities > Bosch

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-03-25 | CVE-2020-6771 | Uncontrolled Search Path Element vulnerability in Bosch IP Helper 1.00.0008 | Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. | local, bosch, CWE-427, 6.9 |
| 2021-02-26 | CVE-2019-11684 | Incorrect Authorization vulnerability in Bosch products | Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates stored in the underlying Microsoft Windows operating system. | network, low complexity, bosch, CWE-863, critical, 10.0 |
| 2021-01-26 | CVE-2020-6780 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware | Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash. | network, low complexity, bosch, CWE-916, 4.0 |
| 2021-01-26 | CVE-2020-6779 | Use of Hard-coded Credentials vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware | Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin privileges. | network, low complexity, bosch, CWE-798, critical, 10.0 |
| 2021-01-14 | CVE-2020-6777 | Cross-site Scripting vulnerability in Bosch Praesensa Firmware and Praesideo Firmware | A vulnerability in the web-based management interface of Bosch PRAESIDEO up to and including version 4.41 and Bosch PRAESENSA up to and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site Scripting (XSS) attack against another user. | network, bosch, CWE-79, 3.5 |
| 2021-01-14 | CVE-2020-6776 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch Praesensa Firmware and Praesideo Firmware | A vulnerability in the web-based management interface of Bosch PRAESIDEO up to and including version 4.41 and Bosch PRAESENSA up to and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). | network, bosch, CWE-352, 6.8 |
| 2020-09-16 | CVE-2020-6781 | Improper Certificate Validation vulnerability in Bosch Smart Home | Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows an attacker to intercept video contents by performing a man-in-the-middle attack. | network, bosch, CWE-295, 5.8 |
| 2020-05-27 | CVE-2020-6774 | Exposure of Resource to Wrong Sphere vulnerability in Bosch Recording Station Firmware | Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | local, low complexity, bosch, CWE-668, 7.2 |
| 2020-02-07 | CVE-2020-6770 | Deserialization of Untrusted Data vulnerability in Bosch products | Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. | network, low complexity, bosch, CWE-502, critical, 10.0 |
| 2020-02-07 | CVE-2020-6768 | Path Traversal vulnerability in Bosch products | A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. | network, low complexity, bosch, CWE-22, 5.0 |