Vulnerabilities > Bosch

DATE CVE VULNERABILITY TITLE RISK
2020-02-07 CVE-2020-6769 Missing Authentication for Critical Function vulnerability in Bosch products
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway.
network
low complexity
bosch CWE-306
critical
9.1
2020-02-06 CVE-2020-6767 Path Traversal vulnerability in Bosch products
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server.
network
low complexity
bosch CWE-22
6.5
2019-09-12 CVE-2019-11899 Unspecified vulnerability in Bosch Access 2.1/3.3/3.7
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation.
network
low complexity
bosch
7.5
2019-09-12 CVE-2019-11898 Use of Hard-coded Credentials vulnerability in Bosch Access 2.1/3.3/3.7
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools.
network
low complexity
bosch CWE-798
critical
9.9
2019-08-21 CVE-2019-11603 Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root.
network
low complexity
bosch CWE-22
7.5
2019-08-21 CVE-2019-11602 Information Exposure Through an Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.
network
low complexity
bosch CWE-209
5.3
2019-08-21 CVE-2019-11601 Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
network
low complexity
bosch CWE-22
7.5
2019-08-21 CVE-2019-11897 Server-Side Request Forgery (SSRF) vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs.
network
low complexity
bosch CWE-918
8.6
2019-05-29 CVE-2019-11896 Improper Privilege Management vulnerability in Bosch Smart Home Controller Firmware 9.8.905
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions.
high complexity
bosch CWE-269
7.1
2019-05-29 CVE-2019-11895 Unspecified vulnerability in Bosch Smart Home Controller Firmware
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators.
high complexity
bosch
5.3