Vulnerability Description
Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Video Management System | < 9.0 |
| Bosch | Divar Ip 7000 R2 | - |
| Bosch | Divar Ip All-In-One 5000 | - |
| Bosch | Divar Ip All-In-One 7000 | - |
| Bosch | Video Management System Viewer | < 9.0 |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.htmlVendor Advisory
- https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.htmlVendor Advisory
FAQ
What is CVE-2020-6785?
CVE-2020-6785 is a vulnerability with a CVSS score of 7.8 (HIGH). Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code ...
How severe is CVE-2020-6785?
CVE-2020-6785 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6785?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch Video Management System, Bosch Divar Ip 7000 R2, Bosch Divar Ip All-In-One 5000, Bosch Divar Ip All-In-One 7000, Bosch Video Management System Viewer.