Unauthenticated File Write Vulnerability in RUGGEDCOM CROSSBOW by Siemens
CVE-2023-37373

7.5HIGH

Key Information:

Vendor: Siemens
Status: RUGGEDCOM CROSSBOW
Vendor: CVE Published:; 8 August 2023

Summary

A vulnerability has been discovered in RUGGEDCOM CROSSBOW that allows an unauthenticated remote attacker to send malicious file write messages. This could enable the attacker to write arbitrary files to the application’s file system, potentially leading to unauthorized access and system compromise. Organizations utilizing affected versions should address this vulnerability promptly to enhance their cybersecurity posture.

Affected Version(s)

RUGGEDCOM CROSSBOW All versions < V5.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-47263...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 3, 2023