Vulnerabilities > Bosch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-25 | CVE-2020-6771 | Uncontrolled Search Path Element vulnerability in Bosch IP Helper 1.00.0008 Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. | 7.8 |
| 2021-02-26 | CVE-2019-11684 | Missing Authentication for Critical Function vulnerability in Bosch products Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. | 9.8 |
| 2021-01-26 | CVE-2020-6780 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash. | 4.9 |
| 2021-01-26 | CVE-2020-6779 | Use of Hard-coded Credentials vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. | 10.0 |
| 2021-01-14 | CVE-2020-6777 | Cross-site Scripting vulnerability in Bosch Praesensa Firmware and Praesideo Firmware A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user. | 4.8 |
| 2021-01-14 | CVE-2020-6776 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch Praesensa Firmware and Praesideo Firmware A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). | 8.8 |
| 2020-09-16 | CVE-2020-6781 | Improper Certificate Validation vulnerability in Bosch Smart Home Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack. | 7.4 |
| 2020-05-27 | CVE-2020-6774 | Exposure of Resource to Wrong Sphere vulnerability in Bosch Recording Station Firmware Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | 8.8 |
| 2020-02-07 | CVE-2020-6770 | Deserialization of Untrusted Data vulnerability in Bosch products Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. | 9.8 |
| 2020-02-07 | CVE-2020-6768 | Path Traversal vulnerability in Bosch products A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. | 7.5 |