Filtered by vendor Bosch
Subscribe
Total
100 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11896 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-02-04 | 6.8 MEDIUM | 7.1 HIGH |
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction. | |||||
CVE-2019-11897 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server. | |||||
CVE-2019-11601 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-02-04 | 6.4 MEDIUM | 7.5 HIGH |
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. | |||||
CVE-2019-11602 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | |||||
CVE-2019-8951 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056). | |||||
CVE-2019-8952 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032 ; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032). | |||||
CVE-2019-6958 | 1 Bosch | 16 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 13 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as "CWE-284: Improper Access Control." This vulnerability, for example, allows a potential attacker to delete video or read video data. | |||||
CVE-2019-6957 | 1 Bosch | 18 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 15 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface. | |||||
CVE-2019-11894 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-02-04 | 2.9 LOW | 5.7 MEDIUM |
A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed. | |||||
CVE-2019-11892 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-02-04 | 6.8 MEDIUM | 8.0 HIGH |
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction. | |||||
CVE-2019-11891 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-02-04 | 5.4 MEDIUM | 8.0 HIGH |
A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack. | |||||
CVE-2019-11893 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-02-04 | 4.9 MEDIUM | 8.0 HIGH |
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction. | |||||
CVE-2019-11603 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. | |||||
CVE-2019-11898 | 1 Bosch | 1 Access | 2024-02-04 | 6.5 MEDIUM | 9.9 CRITICAL |
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. | |||||
CVE-2019-11899 | 1 Bosch | 1 Access | 2024-02-04 | 4.0 MEDIUM | 7.5 HIGH |
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. | |||||
CVE-2019-11895 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-02-04 | 7.1 HIGH | 5.3 MEDIUM |
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction. | |||||
CVE-2019-7729 | 1 Bosch | 1 Smart Camera | 2024-02-04 | 2.1 LOW | 3.3 LOW |
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) | |||||
CVE-2018-19036 | 1 Bosch | 74 Autodome Ip 4000 Hd, Autodome Ip 4000i, Autodome Ip 5000 Hd and 71 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. | |||||
CVE-2018-20299 | 1 Bosch | 4 360-indoor Camera, 360-indoor Camera Firmware, Eyes Outdoor Camera and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server. | |||||
CVE-2019-7728 | 1 Bosch | 1 Smart Camera | 2024-02-04 | 5.1 MEDIUM | 7.5 HIGH |
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) |