Filtered by vendor Bosch Subscriptions
Total 104 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-32536 1 Bosch 2 Pra-es8p2s, Pra-es8p2s Firmware 2024-11-21 8.8 High
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights.
CVE-2022-32535 1 Bosch 2 Pra-es8p2s, Pra-es8p2s Firmware 2024-11-21 4.8 Medium
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.
CVE-2022-32534 1 Bosch 2 Pra-es8p2s, Pra-es8p2s Firmware 2024-11-21 8.8 High
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands.
CVE-2021-23863 1 Bosch 1 Video Security 2024-11-21 6.1 Medium
HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacker.
CVE-2021-23862 1 Bosch 8 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 5 more 2024-11-21 7.2 High
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
CVE-2021-23861 1 Bosch 4 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 1 more 2024-11-21 6.5 Medium
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
CVE-2021-23860 1 Bosch 4 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 1 more 2024-11-21 5 Medium
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
CVE-2021-23859 1 Bosch 9 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 6 more 2024-11-21 9.1 Critical
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859
CVE-2021-23858 1 Bosch 24 Indracontrol Xlc, Indracontrol Xlc Firmware, Rexroth Indramotion Mlc L20 and 21 more 2024-11-21 8.6 High
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.
CVE-2021-23857 1 Bosch 24 Rexroth Indramotion Mlc L20, Rexroth Indramotion Mlc L20 Firmware, Rexroth Indramotion Mlc L25 and 21 more 2024-11-21 10 Critical
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.
CVE-2021-23856 1 Bosch 4 Rexroth Indramotion Mlc L20, Rexroth Indramotion Mlc L20 Firmware, Rexroth Indramotion Mlc L40 and 1 more 2024-11-21 10 Critical
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.
CVE-2021-23855 1 Bosch 4 Rexroth Indramotion Mlc, Rexroth Indramotion Mlc Firmware, Rexroth Indramotion Xlc and 1 more 2024-11-21 8.6 High
The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.
CVE-2021-23854 1 Bosch 8 Cpp13, Cpp13 Firmware, Cpp6 and 5 more 2024-11-21 8.3 High
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected.
CVE-2021-23853 1 Bosch 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more 2024-11-21 8.3 High
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.
CVE-2021-23852 1 Bosch 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more 2024-11-21 4.9 Medium
An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).
CVE-2021-23851 1 Bosch 136 Autodome 7000, Autodome 7000 Firmware, Autodome Ip 4000 Hd and 133 more 2024-11-21 6.8 Medium
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.
CVE-2021-23850 1 Bosch 136 Autodome 7000, Autodome 7000 Firmware, Autodome Ip 4000 Hd and 133 more 2024-11-21 6.8 Medium
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.
CVE-2021-23849 1 Bosch 14 Aviotec, Aviotec Firmware, Cpp13 and 11 more 2024-11-21 7.5 High
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in into the camera.
CVE-2021-23848 1 Bosch 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more 2024-11-21 8.3 High
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user.
CVE-2021-23847 1 Bosch 6 Cpp6, Cpp6 Firmware, Cpp7 and 3 more 2024-11-21 9.8 Critical
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.