Authorization Bypass Vulnerability in RUGGEDCOM CROSSBOW by Siemens
CVE-2023-27310
8.8HIGH
Summary
An authorization bypass vulnerability exists in RUGGEDCOM CROSSBOW due to inadequate permission checks in the client query handler. This flaw allows an authenticated remote attacker to assign administrative privileges to non-privileged user accounts, potentially compromising network security. Organizations using affected versions should implement immediate security measures to mitigate risk.
Affected Version(s)
RUGGEDCOM CROSSBOW All versions < V5.2
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved