Vulnerabilities > Bosch > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-18 CVE-2021-23846 Cleartext Transmission of Sensitive Information vulnerability in Bosch B426 Firmware
When the HTTP protocol is used, the user password is transmitted as a cleartext parameter, which an attacker can obtain through a MITM attack.
Attack vector: network | Complexity: high | Vendor: bosch | CWE-319 | Risk: 5.9
2021-06-09 CVE-2021-23848 Cross-site Scripting vulnerability in Bosch products
An error in the URL handler of Bosch IP cameras may lead to reflected cross-site scripting (XSS) in the web-based interface.
Attack vector: network | Complexity: low | Vendor: bosch | CWE-79 | Risk: 6.1
2021-06-09 CVE-2021-23852 Resource Exhaustion vulnerability in Bosch products
An authenticated attacker with administrator rights on Bosch IP cameras can call a URL with an invalid parameter that causes the camera to become unresponsive for a few seconds, resulting in a Denial of Service (DoS).
Attack vector: network | Complexity: low | Vendor: bosch | CWE-400 | Risk: 4.9
2021-06-09 CVE-2021-23854 Cross-site Scripting vulnerability in Bosch products
An error in the handling of a page parameter in Bosch IP cameras may lead to reflected cross-site scripting (XSS) in the web-based interface.
Attack vector: network | Complexity: low | Vendor: bosch | CWE-79 | Risk: 6.1
2021-01-26 CVE-2020-6780 Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.
Attack vector: network | Complexity: low | Vendor: bosch | CWE-916 | Risk: 4.9
2021-01-14 CVE-2020-6777 Cross-site Scripting vulnerability in Bosch Praesensa Firmware and Praesideo Firmware
A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user.
Attack vector: network | Complexity: low | Vendor: bosch | CWE-79 | Risk: 4.8
2020-02-06 CVE-2020-6767 Path Traversal vulnerability in Bosch products
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server.
Attack vector: network | Complexity: low | Vendor: bosch | CWE-22 | Risk: 6.5
2019-08-21 CVE-2019-11602 Information Exposure Through an Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
Leakage of stack traces in remote access to backup & restore in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.
Attack vector: network | Complexity: low | Vendor: bosch | CWE-209 | Risk: 5.3
2019-05-29 CVE-2019-11895 Unspecified vulnerability in Bosch Smart Home Controller Firmware
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators.
Complexity: high | Vendor: bosch | Risk: 5.3
2019-05-29 CVE-2019-11894 Unspecified vulnerability in Bosch Smart Home Controller Firmware
A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup.
Complexity: low | Vendor: bosch | Risk: 5.7