Filtered by vendor Bosch
Total: 108 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6776 | 1 Bosch | 4 Praesensa, Praesensa Firmware, Praesideo and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or submitting a malicious form. A successful exploit allows the attacker to perform arbitrary actions with the privileges of the vic ... |
| CVE-2020-6774 | 1 Bosch | 2 Recording Station, Recording Station Firmware | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
| Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. |
| CVE-2020-6771 | 1 Bosch | 1 Ip Helper | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same application directory as the portable IP Helper application. |
| CVE-2020-6770 | 1 Bosch | 5 Bosch Video Management System Mobile Video Service, Divar Ip 3000, Divar Ip 3000 Firmware and 2 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed. |
| CVE-2020-6769 | 1 Bosch | 8 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 3000 and 5 more | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
| Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= ... |
| CVE-2020-6768 | 1 Bosch | 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVM ... |
| CVE-2020-6767 | 1 Bosch | 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS ... |
| CVE-2019-8952 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fix ... |
| CVE-2019-8951 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). ... |
| CVE-2019-7729 | 1 Bosch | 1 Smart Camera | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) |
| CVE-2019-7728 | 1 Bosch | 1 Smart Camera | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) |
| CVE-2019-6958 | 1 Bosch | 16 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 13 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified a ... |
| CVE-2019-6957 | 1 Bosch | 18 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 15 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the ne ... |
| CVE-2019-11899 | 1 Bosch | 1 Access | 2024-11-21 | 4.0 MEDIUM | 7.5 HIGH |
| An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. |
| CVE-2019-11898 | 1 Bosch | 1 Access | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. |
| CVE-2019-11897 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server. |
| CVE-2019-11896 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-11-21 | 6.8 MEDIUM | 7.1 HIGH |
| A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction. |
| CVE-2019-11895 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-11-21 | 7.1 HIGH | 5.3 MEDIUM |
| A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction. |
| CVE-2019-11894 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed. |
| CVE-2019-11893 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-11-21 | 4.9 MEDIUM | 8.0 HIGH |
| A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction. |
| CVE-2019-11892 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-11-21 | 6.8 MEDIUM | 8.0 HIGH |
| A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction. |
| CVE-2019-11891 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-11-21 | 5.4 MEDIUM | 8.0 HIGH |
| A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack. |
| CVE-2019-11684 | 1 Bosch | 4 Divar Ip 5000, Divar Ip 5000 Firmware, Video Management System and 1 more | 2024-11-21 | 10.0 HIGH | 9.9 CRITICAL |
| Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all version ... |
| CVE-2019-11603 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. |
| CVE-2019-11602 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. |
| CVE-2019-11601 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. |
| CVE-2018-20299 | 1 Bosch | 4 360-indoor Camera, 360-indoor Camera Firmware, Eyes Outdoor Camera and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server. |
| CVE-2018-19036 | 1 Bosch | 74 Autodome Ip 4000 Hd, Autodome Ip 4000i, Autodome Ip 5000 Hd and 71 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. |