CVE-2020-6785

Summary

Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.

Affected Software

VendorProductVersion RangeStatus
BoschBVMSunspecified < 9.0.0affected
BoschBVMS10.0 < 10.0.2affected
BoschBVMS10.1 < 10.1.1affected
BoschBVMS Viewerunspecified < 9.0.0affected
BoschBVMS Viewer10.0 < 10.0.2affected
BoschBVMS Viewer10.1 < 10.1.1affected
BoschDIVAR IP 7000 R2allaffected
BoschDIVAR IP all-in-one 5000allaffected
BoschDIVAR IP all-in-one 7000allaffected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CVE Program Container

Additional References

References