CVE-2023-27462

4.3MEDIUM

Key Information:

Vendor: Siemens
Status: RUGGEDCOM CROSSBOW
Vendor: CVE Published:; 14 March 2023

Summary

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.

Affected Version(s)

RUGGEDCOM CROSSBOW All versions < V5.3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-32062...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2023
Vulnerability Reserved
Mar 1, 2023