Filtered by vendor Bosch
Subscribe
Total
100 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-48261 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 7.5 HIGH |
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | |||||
CVE-2023-48262 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 9.8 CRITICAL |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | |||||
CVE-2023-48259 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 7.5 HIGH |
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | |||||
CVE-2023-48266 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 9.8 CRITICAL |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | |||||
CVE-2023-48245 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 9.8 CRITICAL |
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
CVE-2023-48257 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 8.8 HIGH |
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request. | |||||
CVE-2022-41677 | 1 Bosch | 12 Cpp13, Cpp13 Firmware, Cpp14 and 9 more | 2024-02-05 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet. | |||||
CVE-2023-48242 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 6.5 MEDIUM |
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
CVE-2023-48258 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 8.1 HIGH |
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. | |||||
CVE-2023-48248 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 5.4 MEDIUM |
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file. | |||||
CVE-2023-29241 | 1 Bosch | 1 Building Integration System | 2024-02-04 | N/A | 7.1 HIGH |
Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network | |||||
CVE-2023-32229 | 1 Bosch | 17 Autodome 7000i, Autodome 7100 Ir, Autodome Inteox 7000i and 14 more | 2024-02-04 | N/A | 6.5 MEDIUM |
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | |||||
CVE-2023-28175 | 1 Bosch | 16 Divar Ip 3000, Divar Ip 3000 Firmware, Divar Ip 4000 and 13 more | 2024-02-04 | N/A | 7.7 HIGH |
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. | |||||
CVE-2022-47648 | 1 Bosch | 2 B420, B420 Firmware | 2024-02-04 | N/A | 8.8 HIGH |
An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013). | |||||
CVE-2022-40183 | 1 Bosch | 2 Videojet Multi 4000, Videojet Multi 4000 Firmware | 2024-02-04 | N/A | 4.7 MEDIUM |
An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. | |||||
CVE-2022-36302 | 1 Bosch | 1 Bf-os | 2024-02-04 | N/A | 5.4 MEDIUM |
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. | |||||
CVE-2022-40184 | 1 Bosch | 2 Videojet Multi 4000, Videojet Multi 4000 Firmware | 2024-02-04 | N/A | 4.8 MEDIUM |
Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. | |||||
CVE-2022-36301 | 1 Bosch | 1 Bf-os | 2024-02-04 | N/A | 7.5 HIGH |
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password. | |||||
CVE-2022-32536 | 1 Bosch | 2 Pra-es8p2s, Pra-es8p2s Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights. | |||||
CVE-2022-32535 | 1 Bosch | 2 Pra-es8p2s, Pra-es8p2s Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch. |