CVE-2020-6788: 
Bosch Configuration Manager vulnerability analysis and mitigation

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from (Bosch Advisory).

The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element) with a CVSS v3.1 Base Score of 7.8 (High). The CVSS Vector String is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability (Bosch Advisory).

If successfully exploited, this vulnerability allows an attacker to execute arbitrary code on the victim's system through DLL hijacking. The attack can potentially compromise the system's confidentiality, integrity, and availability with high severity impacts (Bosch Advisory).

The recommended approach is to update to a fixed version of the Bosch Configuration Manager installer. For installations where updates are not available, users should not execute installers from directories accessible by other users or directories where potentially malicious DLLs could be located (e.g., the default Downloads directory). It is recommended to move executables to new separated directories not accessible by other users and only start the executables from there (Bosch Advisory).