Vulnerabilities > Bosch > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-19 | CVE-2021-23843 | Missing Authentication for Critical Function vulnerability in Bosch products The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. | 7.8 |
| 2021-12-08 | CVE-2021-23859 | Improper Handling of Exceptional Conditions vulnerability in Bosch products An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. | 7.5 |
| 2021-12-08 | CVE-2021-23862 | OS Command Injection vulnerability in Bosch products A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. | 7.2 |
| 2021-10-04 | CVE-2021-23855 | Inadequate Encryption Strength vulnerability in Bosch products The user and password data base is exposed by an unprotected web server resource. | 7.5 |
| 2021-10-04 | CVE-2021-23858 | Missing Authentication for Critical Function vulnerability in Bosch products Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. | 7.5 |
| 2021-08-05 | CVE-2021-23849 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch products A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). | 8.8 |
| 2021-06-18 | CVE-2021-23845 | Unspecified vulnerability in Bosch products This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. | 8.8 |
| 2021-03-25 | CVE-2020-6790 | Uncontrolled Search Path Element vulnerability in Bosch Video Streaming Gateway Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. | 7.8 |
| 2021-03-25 | CVE-2020-6789 | Uncontrolled Search Path Element vulnerability in Bosch Monitor Wall 10.00.0164 Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. | 7.8 |
| 2021-03-25 | CVE-2020-6788 | Uncontrolled Search Path Element vulnerability in Bosch Configuration Manager Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. | 7.8 |