Filtered by vendor Bosch
Subscribe
Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6787 | 1 Bosch | 1 Video Client | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
CVE-2020-6788 | 1 Bosch | 1 Configuration Manager | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
CVE-2020-6786 | 1 Bosch | 1 Video Recording Manager | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
CVE-2020-6789 | 1 Bosch | 1 Monitor Wall | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
CVE-2020-6779 | 1 Bosch | 4 Fsm-2500, Fsm-2500 Firmware, Fsm-5000 and 1 more | 2021-02-02 | 10.0 HIGH | 10.0 CRITICAL |
Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system. | |||||
CVE-2020-6780 | 1 Bosch | 4 Fsm-2500, Fsm-2500 Firmware, Fsm-5000 and 1 more | 2021-02-02 | 4.0 MEDIUM | 4.9 MEDIUM |
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash. | |||||
CVE-2020-6776 | 1 Bosch | 4 Praesensa, Praesensa Firmware, Praesideo and 1 more | 2021-01-21 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or submitting a malicious form. A successful exploit allows the attacker to perform arbitrary actions with the privileges of the victim, e.g. creating and modifying user accounts, changing system configuration settings and cause DoS conditions. Note: For Bosch PRAESIDEO 4.31 and newer and Bosch PRAESENSA in all versions, the confidentiality impact is considered low because user credentials are not shown in the web interface. | |||||
CVE-2020-6777 | 1 Bosch | 4 Praesensa, Praesensa Firmware, Praesideo and 1 more | 2021-01-21 | 3.5 LOW | 4.8 MEDIUM |
A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user. When the victim logs into the management interface, the stored script code is executed in the context of his browser. A successful exploit would allow an attacker to interact with the management interface with the privileges of the victim. However, as the attacker already needs admin privileges, there is no additional impact on the management interface itself. | |||||
CVE-2019-11899 | 1 Bosch | 1 Access | 2020-10-08 | 4.0 MEDIUM | 7.5 HIGH |
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. | |||||
CVE-2019-11896 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2020-10-06 | 6.8 MEDIUM | 7.1 HIGH |
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction. | |||||
CVE-2019-11895 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2020-10-06 | 7.1 HIGH | 5.3 MEDIUM |
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction. | |||||
CVE-2019-11894 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2020-10-06 | 2.9 LOW | 5.7 MEDIUM |
A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed. | |||||
CVE-2019-11893 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2020-10-06 | 4.9 MEDIUM | 8.0 HIGH |
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction. | |||||
CVE-2019-11892 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2020-10-06 | 6.8 MEDIUM | 8.0 HIGH |
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction. | |||||
CVE-2019-11891 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2020-10-06 | 5.4 MEDIUM | 8.0 HIGH |
A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack. | |||||
CVE-2020-6781 | 1 Bosch | 1 Smart Home | 2020-09-22 | 5.8 MEDIUM | 7.4 HIGH |
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack. | |||||
CVE-2019-7729 | 1 Bosch | 1 Smart Camera | 2020-08-24 | 2.1 LOW | 3.3 LOW |
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) | |||||
CVE-2019-11602 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | |||||
CVE-2020-6774 | 1 Bosch | 2 Recording Station, Recording Station Firmware | 2020-05-29 | 7.2 HIGH | 8.8 HIGH |
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | |||||
CVE-2020-6767 | 1 Bosch | 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. |