Bosch Security Vulnerabilities
A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized...
4.6CVSS
6.9AI Score
0.0004EPSS
Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the...
8.8CVSS
7.2AI Score
0.0004EPSS
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded...
9.8CVSS
9.2AI Score
0.001EPSS
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned...
5.5CVSS
5.7AI Score
0.001EPSS
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP...
6.1CVSS
6.5AI Score
0.001EPSS
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned...
6.3CVSS
6.5AI Score
0.001EPSS
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...
8.8CVSS
8.3AI Score
0.001EPSS
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP...
8.8CVSS
8.4AI Score
0.001EPSS
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded...
9.8CVSS
9.2AI Score
0.001EPSS
Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi...
8.3CVSS
6.9AI Score
0.0004EPSS
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s...
8.1CVSS
7.8AI Score
0.001EPSS
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by...
8.8CVSS
8.8AI Score
0.001EPSS
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP...
6.1CVSS
6.5AI Score
0.001EPSS
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP...
7.5CVSS
7.4AI Score
0.001EPSS
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network...
9.8CVSS
9.4AI Score
0.002EPSS
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the...
8.8CVSS
8.7AI Score
0.001EPSS
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP...
9.8CVSS
9.2AI Score
0.001EPSS
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP...
7.5CVSS
7.4AI Score
0.001EPSS
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP...
6.5CVSS
6.3AI Score
0.001EPSS
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network...
9.8CVSS
9.4AI Score
0.002EPSS
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network...
9.8CVSS
9.4AI Score
0.002EPSS
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network...
9.8CVSS
9.4AI Score
0.002EPSS
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network...
9.8CVSS
9.4AI Score
0.002EPSS
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP...
7.5CVSS
7.4AI Score
0.001EPSS
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active...
6.5CVSS
6.3AI Score
0.001EPSS
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP...
6.3CVSS
6.2AI Score
0.001EPSS
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP...
6.5CVSS
6.3AI Score
0.001EPSS
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP...
7.5CVSS
7.4AI Score
0.001EPSS
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle...
5.9CVSS
5.7AI Score
0.001EPSS
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the...
7.2CVSS
7.2AI Score
0.0004EPSS
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS)...
7.5CVSS
7.5AI Score
0.001EPSS
An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to....
5.3CVSS
5.2AI Score
0.001EPSS
An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an...
8.8CVSS
8.7AI Score
0.001EPSS
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not...
8.8CVSS
8.3AI Score
0.0005EPSS
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI...
8.8CVSS
8.3AI Score
0.001EPSS
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric...
8.8CVSS
8.7AI Score
0.001EPSS
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web...
8.4CVSS
7.4AI Score
0.001EPSS
Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via...
8.1CVSS
6.7AI Score
0.0004EPSS
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding...
7.7CVSS
7.2AI Score
0.001EPSS
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell...
9.8CVSS
9.7AI Score
0.002EPSS
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any...
7.5CVSS
7.5AI Score
0.002EPSS
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC),...
9.1CVSS
9AI Score
0.002EPSS
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access....
9.8CVSS
9.3AI Score
0.004EPSS
Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration...
5.1CVSS
5.2AI Score
0.001EPSS
An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the...
5.8CVSS
4.6AI Score
0.001EPSS
An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow....
9.8CVSS
9.7AI Score
0.003EPSS
Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras...
5.9CVSS
5.5AI Score
0.001EPSS
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device...
9.8CVSS
7.4AI Score
0.002EPSS
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive...
8.8CVSS
5.4AI Score
0.001EPSS