CVE-2020-6785

25.03.2021, 16:15

Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
bosch	CNA	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Vendor	Product	Version
bosch	video_management_system	𝑥 < 9.0
bosch	video_management_system	10.0 ≤ 𝑥 < 10.0.2
bosch	video_management_system	10.1 ≤ 𝑥 < 10.1.1
bosch	video_management_system	𝑥 < 9.0
bosch	video_management_system	10.0 ≤ 𝑥 < 10.0.2
bosch	video_management_system	10.1 ≤ 𝑥 < 10.1.1
bosch	video_management_system	𝑥 < 9.0
bosch	video_management_system	10.0 ≤ 𝑥 < 10.0.2
bosch	video_management_system	10.1 ≤ 𝑥 < 10.1.1
bosch	video_management_system_viewer	𝑥 < 9.0
bosch	video_management_system_viewer	10.0 ≤ 𝑥 < 10.0.2
bosch	video_management_system_viewer	10.1.0 ≤ 𝑥 < 10.1.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-427 - Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html