Bosch: >> Configuration Manager >> 7.21.0078 Security Vulnerabilities
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-18
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-03-25