CVSS: 9.0EPSS: 2%CPEs: 21EXPL: 0CVE-2023-48243
https://notcve.org/view.php?id=CVE-2023-48243
10 Jan 2024 — The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. La vulnerabilidad permite a un atacante remoto cargar archivos arbitrarios en todas las rutas del sistema en el contexto del usuario del sistema operativo de la aplicación ("root") a través de una solicitud HTTP ma... • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0CVE-2023-48242
https://notcve.org/view.php?id=CVE-2023-48242
10 Jan 2024 — The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. La vulnerabilidad permite a un atacante remoto autenticado descargar archivos arbitrarios en todas las rutas del sistema en el contexto del usuario del sistema operativo de la aplicación ("root") a través de una solicitud HTTP manipulada. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-49722
https://notcve.org/view.php?id=CVE-2023-49722
09 Jan 2024 — Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. El puerto de red 8899 está abierto en el firmware WiFi de los productos BCC101/BCC102/BCC50, que permite a un atacante conectarse al dispositivo a través de la misma red WiFi. • https://psirt.bosch.com/security-advisories/BOSCH-SA-473852.html • CWE-1125: Excessive Attack Surface •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2022-41677
https://notcve.org/view.php?id=CVE-2022-41677
18 Dec 2023 — An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet. Se descubrió una vulnerabilidad de divulgación de información en los dispositivos de cámara IP de Bosch que permite a un atacante no autenticado recuperar información (como capacidades) sobre el disp... • https://psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2023-35867
https://notcve.org/view.php?id=CVE-2023-35867
18 Dec 2023 — An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks. Un manejo inadecuado de paquetes de respuesta API con formato incorrecto para clientes API en productos de software Bosch BT puede permitir que un atacante no autenticado provoque una situación de denegación ... • https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-32230
https://notcve.org/view.php?id=CVE-2023-32230
18 Dec 2023 — An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. Un manejo inadecuado de una solicitud API con formato incorrecto a un servidor API en los productos de software Bosch BT puede permitir que un atacante no autenticado provoque una situación de denegación de servicio (DoS). • https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39509
https://notcve.org/view.php?id=CVE-2023-39509
18 Dec 2023 — A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. Existe una vulnerabilidad de inyección de comandos en las cámaras IP de Bosch que permite a un usuario autenticado con derechos administrativos ejecutar comandos arbitrarios en el sistema operativo de la cámara. • https://psirt.bosch.com/security-advisories/BOSCH-SA-638184-BT.html • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34999
https://notcve.org/view.php?id=CVE-2023-34999
18 Sep 2023 — A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. Existe una vulnerabilidad de inyección de comandos en RTS VLink Virtual Matrix Software versiones v5 (< 5.7.6) y v6 (< 6.5.0) que permite a un atacante realizar la ejecución de código arbitrario a través de la interfaz web de administración. • https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29241
https://notcve.org/view.php?id=CVE-2023-29241
30 Jun 2023 — Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network • https://psirt.bosch.com/security-advisories/BOSCH-SA-988400-BT.html • CWE-1112: Incomplete Documentation of Program Execution •
CVSS: 7.7EPSS: 0%CPEs: 22EXPL: 0CVE-2023-28175
https://notcve.org/view.php?id=CVE-2023-28175
15 Jun 2023 — Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •