CVE-2020-6785
HIGHBosch BVMS and BVMS Viewer < 9.0 - Uncontrolled Search Path Element in DLL Loading
Title source: llmDescription
Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html
Scores
CVSS v3
7.8
EPSS
0.0033
EPSS Percentile
24.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (2)
bosch/video_management_system
< 9.0
bosch/video_management_system_viewer
< 9.0
Published
Mar 25, 2021
Tracked Since
Feb 18, 2026