Vulnerabilities > Bosch > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-39509 | Command Injection vulnerability in Bosch Cpp13 Firmware and Cpp14 Firmware A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | 7.2 |
| 2023-09-18 | CVE-2023-34999 | Command Injection vulnerability in Bosch RTS Vlink Virtual Matrix 5.0.0/6.0.0 A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. | 7.2 |
| 2023-06-30 | CVE-2023-29241 | Unspecified vulnerability in Bosch Building Integration System 5.0 Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network | 7.1 |
| 2023-06-15 | CVE-2023-28175 | Incorrect Authorization vulnerability in Bosch products Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. | 7.7 |
| 2023-02-08 | CVE-2022-47648 | Authentication Bypass by Spoofing vulnerability in Bosch B420 Firmware 02.02.0001 An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. | 8.8 |
| 2022-08-01 | CVE-2022-36301 | Weak Password Requirements vulnerability in Bosch Bf-Os BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password. | 7.5 |
| 2022-06-23 | CVE-2022-32536 | Improper Privilege Management vulnerability in Bosch Pra-Es8P2S Firmware 1.01.05 The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. | 8.8 |
| 2022-03-30 | CVE-2021-23850 | Classic Buffer Overflow vulnerability in Bosch products A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. | 7.2 |
| 2022-03-30 | CVE-2021-23851 | Classic Buffer Overflow vulnerability in Bosch products A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. | 7.2 |
| 2022-01-19 | CVE-2021-23842 | Use of Hard-coded Credentials vulnerability in Bosch products Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. | 7.1 |