VYPR

Vendor: Bosch

Products: 52
CVEs: 72
Across products: 103
Status: Private

Recent CVEs

  • CVE-2024-25002 | High | Mar 25, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device.

  • CVE-2024-33618 | High | Apr 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface.

  • CVE-2016-4507 | Medium | Jul 6, 2016
    risk 0.42 | cvss 6.4 | epss 0.01

    SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-4508 | Medium | Jul 6, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2023-32228 | Medium | Apr 11, 2024
    risk 0.30 | cvss 4.6 | epss 0.00

    A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user.

  • CVE-2015-6970 | Feb 18, 2020
    risk 0.04 | cvss (none listed) | epss 0.05

    The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.

  • CVE-2021-33547 | Sep 13, 2021
    risk 0.02 | cvss (none listed) | epss 0.03

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

  • CVE-2020-6779 | Jan 25, 2021
    risk 0.01 | cvss (none listed) | epss 0.04

    Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the…

  • CVE-2020-6770 | Feb 7, 2020
    risk 0.01 | cvss (none listed) | epss 0.04

    Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This…

  • CVE-2023-49722 | Jan 9, 2024
    risk 0.00 | cvss (none listed) | epss 0.00

    Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network.

  • CVE-2022-41677 | Dec 18, 2023
    risk 0.00 | cvss (none listed) | epss 0.01

    An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the…

  • CVE-2023-35867 | Dec 18, 2023
    risk 0.00 | cvss (none listed) | epss 0.01

    An improper handling of malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through…

  • CVE-2023-32230 | Dec 18, 2023
    risk 0.00 | cvss (none listed) | epss 0.01

    An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.

  • CVE-2023-46102 | Oct 25, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a…

  • CVE-2023-45851 | Oct 25, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake…

  • CVE-2023-45321 | Oct 25, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature…

  • CVE-2023-45220 | Oct 25, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature…

  • CVE-2023-41960 | Oct 25, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    The vulnerability allows an unprivileged (untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.

  • CVE-2023-41255 | Oct 25, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug…

  • CVE-2023-29241 | Jun 30, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network.