Filtered by vendor Bosch
Total: 104 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-23856 | 1 Bosch | 4 Rexroth Indramotion Mlc L20, Rexroth Indramotion Mlc L20 Firmware, Rexroth Indramotion Mlc L40 and 1 more | 2021-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | |||||
CVE-2018-20299 | 1 Bosch | 4 360-indoor Camera, 360-indoor Camera Firmware, Eyes Outdoor Camera and 1 more | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server. | |||||
CVE-2021-23849 | 1 Bosch | 14 Aviotec, Aviotec Firmware, Cpp13 and 11 more | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while logged in to the camera. | |||||
CVE-2019-11684 | 1 Bosch | 4 Divar Ip 5000, Divar Ip 5000 Firmware, Video Management System and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM. | |||||
CVE-2021-23846 | 1 Bosch | 2 B426, B426 Firmware | 2021-06-24 | 4.3 MEDIUM | 5.9 MEDIUM |
When the HTTP protocol is used, the user password is transmitted as a clear-text parameter, which an attacker can obtain through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. | |||||
CVE-2021-23845 | 1 Bosch | 8 B426, B426-cn, B426-cn Firmware and 5 more | 2021-06-24 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has already been fixed starting from version 3.08, which was released in June 2019. | |||||
CVE-2021-23853 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2021-06-22 | 7.5 HIGH | 9.8 CRITICAL |
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. | |||||
CVE-2021-23847 | 1 Bosch | 6 Cpp6, Cpp6 Firmware, Cpp7 and 3 more | 2021-06-22 | 6.4 MEDIUM | 9.1 CRITICAL |
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected. | |||||
CVE-2021-23848 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2021-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
An error in the URL handler of Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute JavaScript code in the context of the user. | |||||
CVE-2021-23852 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2021-06-17 | 4.0 MEDIUM | 4.9 MEDIUM |
An authenticated attacker with administrator rights on Bosch IP cameras can call a URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS). | |||||
CVE-2021-23854 | 1 Bosch | 8 Cpp13, Cpp13 Firmware, Cpp6 and 5 more | 2021-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. | |||||
CVE-2020-6790 | 1 Bosch | 1 Video Streaming Gateway | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from. | |||||
CVE-2020-6771 | 1 Bosch | 1 Ip Helper | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same application directory as the portable IP Helper application. | |||||
CVE-2020-6785 | 1 Bosch | 5 Divar Ip 7000 R2, Divar Ip All-in-one 5000, Divar Ip All-in-one 7000 and 2 more | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1. | |||||
CVE-2020-6786 | 1 Bosch | 1 Video Recording Manager | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
CVE-2020-6787 | 1 Bosch | 1 Video Client | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
CVE-2020-6788 | 1 Bosch | 1 Configuration Manager | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
CVE-2020-6789 | 1 Bosch | 1 Monitor Wall | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
CVE-2020-6779 | 1 Bosch | 4 Fsm-2500, Fsm-2500 Firmware, Fsm-5000 and 1 more | 2021-02-03 | 10.0 HIGH | 10.0 CRITICAL |
Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system. | |||||
CVE-2020-6780 | 1 Bosch | 4 Fsm-2500, Fsm-2500 Firmware, Fsm-5000 and 1 more | 2021-02-03 | 4.0 MEDIUM | 4.9 MEDIUM |
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash. |