EUVD-2021-10769

Malware in sbrugna...

EUVD-2023-36486

Malicious code in bioql PyPI...

CVE-2023-32228

A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user...

CVE-2023-32228

A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user...

CVE-2023-32228

A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user...

CVE-2023-32228

The CVE-2023-32228 entry concerns firmware bugs in AMC2-4WCF and AMC2-2WCF where data can be misinterpreted, potentially allowing an adversary to grant access to the last authorized user. The issue is rooted in a firmware-level misinterpretation vulnerability affecting the affected AMC components...

CVE-2021-23843

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make...

CVE-2021-23843

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make...

CVE-2021-23842

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...

Code injection

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...

Design/Logic Flaw

The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make...

CVE-2021-23843

The CVE-2021-23843 affects Bosch AMC2 devices via AccessIPConfig.exe and AmcIpConfig.exe, where password protection on the device configuration can be bypassed, allowing unauthorized changes to configuration data and potentially making the device unresponsive on the local network. The vulnerabili...

CVE-2021-23842

The CVE-2021-23842 entry concerns Bosch AMC2, where an attacker who can access the local network can retrieve the encryption key from the firmware. This enables decryption and modification of network traffic between the AMC2 and the host system, as well as decrypted access to firmware files and p...

Bosch Amc2 访问控制错误漏洞

Bosch Amc2 is an access modular controller from Bosch, Germany. An access control error vulnerability exists in the Bosch AMC2 that stems from the Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe used to configure certain settings in the AMC2 device. The tools allow password protection...