Vulnerabilities > Bosch
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-07 | CVE-2020-6769 | Missing Authentication for Critical Function vulnerability in Bosch products Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. | 9.1 |
2020-02-06 | CVE-2020-6767 | Path Traversal vulnerability in Bosch products A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. | 6.5 |
2019-09-12 | CVE-2019-11899 | Unspecified vulnerability in Bosch Access 2.1/3.3/3.7 An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. | 7.5 |
2019-09-12 | CVE-2019-11898 | Use of Hard-coded Credentials vulnerability in Bosch Access 2.1/3.3/3.7 Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. | 9.9 |
2019-08-21 | CVE-2019-11603 | Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. | 7.5 |
2019-08-21 | CVE-2019-11602 | Information Exposure Through an Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | 5.3 |
2019-08-21 | CVE-2019-11601 | Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. | 7.5 |
2019-08-21 | CVE-2019-11897 | Server-Side Request Forgery (SSRF) vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. | 8.6 |
2019-05-29 | CVE-2019-11896 | Improper Privilege Management vulnerability in Bosch Smart Home Controller Firmware 9.8.905 A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. | 7.1 |
2019-05-29 | CVE-2019-11895 | Unspecified vulnerability in Bosch Smart Home Controller Firmware A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. high complexity bosch | 5.3 |