Arbitrary File Upload Vulnerability Affects RUGGEDCOM CROSSBOW Systems
CVE-2024-27939

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Ruggedcom Crossbow
Vendor: CVE Published:; 14 May 2024

Summary

A significant vulnerability has been discovered in RUGGEDCOM CROSSBOW versions prior to 5.5, which permits unauthenticated users to upload arbitrary files. This security flaw opens avenues for attackers to execute arbitrary code with system privileges, potentially compromising the integrity and functionality of affected systems. Organizations utilizing these systems should take immediate action to assess their exposure to this vulnerability and implement the necessary security measures.

Affected Version(s)

RUGGEDCOM CROSSBOW 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9169...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Feb 28, 2024