Authorization Flaw in RUGGEDCOM CROSSBOW by Siemens
CVE-2023-27462

3.1LOW

Key Information:

Vendor: Siemens
Status: Ruggedcom Crossbow
Vendor: CVE Published:; 14 March 2023

Summary

A critical authorization flaw exists in RUGGEDCOM CROSSBOW that permits authenticated remote attackers to execute specific read queries without appropriate permissions. This deficiency allows them to potentially access sensitive data, posing a significant risk to system integrity and confidentiality.

Affected Version(s)

RUGGEDCOM CROSSBOW All versions < V5.3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-32062...

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2023
Vulnerability Reserved
Mar 1, 2023