Vulnerabilities > Bosch > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-25 | CVE-2020-6787 | Uncontrolled Search Path Element vulnerability in Bosch Video Client 1.7.6.079 Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. | 7.8 |
| 2021-03-25 | CVE-2020-6786 | Uncontrolled Search Path Element vulnerability in Bosch Video Recording Manager Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system. | 7.8 |
| 2021-03-25 | CVE-2020-6785 | Uncontrolled Search Path Element vulnerability in Bosch products Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. | 7.8 |
| 2021-03-25 | CVE-2020-6771 | Uncontrolled Search Path Element vulnerability in Bosch IP Helper 1.00.0008 Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. | 7.8 |
| 2021-01-14 | CVE-2020-6776 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch Praesensa Firmware and Praesideo Firmware A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). | 8.8 |
| 2020-09-16 | CVE-2020-6781 | Improper Certificate Validation vulnerability in Bosch Smart Home Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack. | 7.4 |
| 2020-05-27 | CVE-2020-6774 | Exposure of Resource to Wrong Sphere vulnerability in Bosch Recording Station Firmware Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | 8.8 |
| 2020-02-07 | CVE-2020-6768 | Path Traversal vulnerability in Bosch products A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. | 7.5 |
| 2019-09-12 | CVE-2019-11899 | Unspecified vulnerability in Bosch Access 2.1/3.3/3.7 An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. | 7.5 |
| 2019-08-21 | CVE-2019-11603 | Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. | 7.5 |