Known Vulnerabilities for products from Bosch
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bosch".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Bosch can be found at device.report: Bosch
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-23863 | HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully ... | 6.1 - MEDIUM | 2022-01-28 | 2022-02-02 |
| CVE-2021-23862 | A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in syst... | 7.2 - HIGH | 2021-12-08 | 2022-08-30 |
| CVE-2021-23861 | By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM ... | 6.5 - MEDIUM | 2021-12-08 | 2022-08-30 |
| CVE-2021-23860 | An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To explo... | 6.1 - MEDIUM | 2021-12-08 | 2021-12-14 |
| CVE-2021-23859 | An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone V... | 7.5 - HIGH | 2021-12-08 | 2021-12-14 |
| CVE-2021-23858 | Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web ... | 7.5 - HIGH | 2021-10-04 | 2022-08-30 |
| CVE-2021-23857 | Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash... | 9.8 - CRITICAL | 2021-10-04 | 2022-08-30 |
| CVE-2021-23856 | The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s comp... | 6.1 - MEDIUM | 2021-10-04 | 2021-10-08 |
| CVE-2021-23855 | The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing al... | 7.5 - HIGH | 2021-10-04 | 2022-08-30 |
| CVE-2021-23854 | An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the we... | 6.1 - MEDIUM | 2021-06-09 | 2021-06-17 |
| CVE-2021-23853 | In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through craft... | 9.8 - CRITICAL | 2021-06-09 | 2021-06-22 |
| CVE-2021-23852 | An authenticated attacker with administrator rights Bosch IP cameras can call a URL with an invalid parameter that causes th... | 4.9 - MEDIUM | 2021-06-09 | 2021-06-17 |
| CVE-2021-23851 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-03-30 | 2022-04-08 |
| CVE-2021-23850 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-03-30 | 2022-04-08 |
| CVE-2021-23849 | A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system... | 8.8 - HIGH | 2021-08-05 | 2021-08-12 |
| CVE-2021-23848 | An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. A... | 6.1 - MEDIUM | 2021-06-09 | 2021-06-17 |
| CVE-2021-23847 | A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensit... | 9.1 - CRITICAL | 2021-06-09 | 2021-06-22 |
| CVE-2021-23846 | When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained ... | 5.9 - MEDIUM | 2021-06-18 | 2021-06-24 |
| CVE-2021-23845 | This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vul... | 8.8 - HIGH | 2021-06-18 | 2021-06-24 |
| CVE-2021-23843 | The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certain settings in AMC2 devices. The ... | 7.8 - HIGH | 2022-01-19 | 2022-01-28 |
Known software with vulnerabilities from Bosch
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Bosch | Access | - |
| Application | Bosch | Access Professional Edition | 3.0 |
| Application | Bosch | Bosch Video Management System | 3.0 |
| Application | Bosch | Bosch Video Management System Mobile Video Service | 7.5 |
| Application | Bosch | Building Integration System | 2.2 |
| Application | Bosch | Configuration Manager | 5.50.0226 |
| Hardware | Bosch | Divar Ip 3000 | - |
| Operating System | Bosch | Divar Ip 3000 Firmware | - |
| Hardware | Bosch | Divar Ip 7000 | - |
| Operating System | Bosch | Divar Ip 7000 Firmware | - |
| Hardware | Bosch | Fsm-2500 | - |
| Operating System | Bosch | Fsm-2500 Firmware | - |
| Hardware | Bosch | Fsm-5000 | - |
| Operating System | Bosch | Fsm-5000 Firmware | - |
| Application | Bosch | Iot Gateway Software | - |
| Hardware | Bosch | Praesensa | - |
| Operating System | Bosch | Praesensa Firmware | - |
| Hardware | Bosch | Praesideo | - |
| Operating System | Bosch | Praesideo Firmware | - |
| Application | Bosch | Prosyst Mbs Sdk | - |