PT-2021-12597 · Bosch · Bosch Bvms Viewer+4
Published: 2021-03-25 · Updated: 2021-03-25
CVE-2020-6785
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Bosch BVMS versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older
Bosch BVMS Viewer versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older
Bosch DIVAR IP 7000 R2 with BVMS versions prior to 10.1.1
Bosch DIVAR IP all-in-one 5000 with BVMS versions prior to 10.1.1
Bosch DIVAR IP all-in-one 7000 with BVMS versions prior to 10.1.1
Description:
Loading a DLL through an Uncontrolled Search Path Element in the affected software potentially allows an attacker to execute arbitrary code on a victim's system. This issue affects both the installer and the installed application.
Recommendations:
For Bosch BVMS versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older, update to version 10.1.1 or later.
For Bosch BVMS Viewer versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older, update to version 10.1.1 or later.
For Bosch DIVAR IP 7000 R2, update the BVMS version to 10.1.1 or later.
For Bosch DIVAR IP all-in-one 5000, update the BVMS version to 10.1.1 or later.
For Bosch DIVAR IP all-in-one 7000, update the BVMS version to 10.1.1 or later.
Fix
Uncontrolled Search Path Element
Affected Products
Bosch BVMS
Bosch BVMS Viewer
Bosch DIVAR IP 7000 R2
Bosch DIVAR IP all-in-one 5000
Bosch DIVAR IP all-in-one 7000