CVE-2020-6779

Name of the Vulnerable Software and Affected Versions: Bosch FSM-2500 server versions up to and including 5.2 Bosch FSM-5000 server versions up to and including 5.2

Description: The issue allows an unauthenticated remote attacker to log into the database with admin-privileges due to the use of hard-coded credentials. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system.

Recommendations: For Bosch FSM-2500 server versions up to and including 5.2, update to a version later than 5.2 to remove the hard-coded credentials. For Bosch FSM-5000 server versions up to and including 5.2, update to a version later than 5.2 to remove the hard-coded credentials. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation.