Vulnerabilities > Bosch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-23 | CVE-2022-32534 | OS Command Injection vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05 The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. | 9.8 |
| 2022-06-23 | CVE-2022-32535 | Improper Privilege Management vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05 The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. | 9.8 |
| 2022-06-23 | CVE-2022-32536 | Improper Privilege Management vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05 The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. | 8.8 |
| 2022-03-30 | CVE-2021-23850 | Classic Buffer Overflow vulnerability in Bosch products A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. | 7.2 |
| 2022-03-30 | CVE-2021-23851 | Classic Buffer Overflow vulnerability in Bosch products A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. | 7.2 |
| 2022-01-28 | CVE-2021-23863 | Cross-site Scripting vulnerability in Bosch Video Security 3.2.3 HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. | 6.1 |
| 2022-01-19 | CVE-2021-23842 | Use of Hard-coded Credentials vulnerability in Bosch products Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. | 7.1 |
| 2022-01-19 | CVE-2021-23843 | Missing Authentication for Critical Function vulnerability in Bosch products The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. | 7.8 |
| 2021-12-08 | CVE-2021-23859 | Improper Handling of Exceptional Conditions vulnerability in Bosch products An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. | 7.5 |
| 2021-12-08 | CVE-2021-23860 | Cross-site Scripting vulnerability in Bosch products An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. | 6.1 |