Bosch: >> Pra-Es8p2s Firmware Security Vulnerabilities
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands.
CVSS Score
8.8
EPSS Score
0.009
Published
2022-06-23
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-06-23
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-06-23