Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
bosch

BVMS

13 Versions 8 CVEs

Versions

11.1

MAJOR_MINOR 1 CVE

11.0

MAJOR_MINOR 5 CVEs

0

SINGLE_NUMBER 1 CVE

unspecified

OTHER 5 CVEs

10.1

MAJOR_MINOR 6 CVEs

11.1.0

SEMANTIC 1 CVE

11.1.1

SEMANTIC 1 CVE

10.0

MAJOR_MINOR 5 CVEs

9.0.0

SEMANTIC 4 CVEs

12.0.0

SEMANTIC 1 CVE

10.1.1

SEMANTIC 1 CVE

7.5

MAJOR_MINOR 1 CVE

11.0.0

SEMANTIC 1 CVE

Recent CVEs

CVE-2023-35867

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.

MEDIUM Dec 18, 2023

CVE-2023-28175

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.

HIGH Jun 15, 2023

CVE-2022-32540

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.

HIGH Sep 30, 2022

CVE-2021-23862

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).

HIGH Dec 08, 2021

CVE-2021-23861

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.

MEDIUM Dec 08, 2021

CVE-2021-23860

An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.

MEDIUM Dec 08, 2021

CVE-2021-23859

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859

CRITICAL Dec 08, 2021

CVE-2020-6785

Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.

HIGH Mar 25, 2021