Authorization Bypass Vulnerability in RUGGEDCOM CROSSBOW by Siemens
CVE-2023-27310
6.6MEDIUM
Summary
An authorization bypass vulnerability exists in RUGGEDCOM CROSSBOW due to inadequate permission checks in the client query handler. This flaw allows an authenticated remote attacker to assign administrative privileges to non-privileged user accounts, potentially compromising network security. Organizations using affected versions should implement immediate security measures to mitigate risk.
Affected Version(s)
RUGGEDCOM CROSSBOW All versions < V5.2
References
CVSS V3.1
Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved