Vulnerabilities > Bosch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-23 | CVE-2022-32536 | Improper Privilege Management vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05 The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. | 9.0 |
| 2022-03-30 | CVE-2021-23850 | Classic Buffer Overflow vulnerability in Bosch products A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. | 6.5 |
| 2022-03-30 | CVE-2021-23851 | Classic Buffer Overflow vulnerability in Bosch products A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. | 6.5 |
| 2022-01-28 | CVE-2021-23863 | Cross-site Scripting vulnerability in Bosch Video Security HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. | 4.3 |
| 2022-01-19 | CVE-2021-23842 | Use of Hard-coded Credentials vulnerability in Bosch products Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. | 3.6 |
| 2022-01-19 | CVE-2021-23843 | Missing Authentication for Critical Function vulnerability in Bosch products The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. | 4.6 |
| 2021-12-08 | CVE-2021-23859 | Improper Handling of Exceptional Conditions vulnerability in Bosch products An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. | 5.0 |
| 2021-12-08 | CVE-2021-23860 | Cross-site Scripting vulnerability in Bosch products An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. | 4.3 |
| 2021-12-08 | CVE-2021-23861 | Unspecified vulnerability in Bosch products By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. | 5.5 |
| 2021-12-08 | CVE-2021-23862 | OS Command Injection vulnerability in Bosch products A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. | 9.0 |