Vulnerability Details CVE-2020-6779
Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.099
EPSS Ranking 92.7%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 10.0
Products affected by CVE-2020-6779
-
cpe:2.3:h:bosch:fsm-2500:-
-
cpe:2.3:h:bosch:fsm-5000:-
-
cpe:2.3:o:bosch:fsm-2500_firmware:-
-
cpe:2.3:o:bosch:fsm-2500_firmware:5.2
-
cpe:2.3:o:bosch:fsm-5000_firmware:-
-
cpe:2.3:o:bosch:fsm-5000_firmware:5.2