Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system.
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-332072-BT.html | Vendor Advisory |
Configurations
History
03 Feb 2021, 01:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:bosch:fsm-5000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:fsm-2500:-:*:*:*:*:*:*:* cpe:2.3:h:bosch:fsm-5000:-:*:*:*:*:*:*:* cpe:2.3:o:bosch:fsm-2500_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-798 | |
References | (MISC) https://psirt.bosch.com/security-advisories/BOSCH-SA-332072-BT.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 10.0 |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-26 18:16
Updated : 2023-12-10 13:41
NVD link : CVE-2020-6779
Mitre link : CVE-2020-6779
CVE.ORG link : CVE-2020-6779
JSON object : View
Products Affected
bosch
- fsm-2500
- fsm-2500_firmware
- fsm-5000_firmware
- fsm-5000
CWE
CWE-798
Use of Hard-coded Credentials