Crossbow Vulnerability Could Compromise Database
CVE-2024-27941
8.8 HIGH
Summary
A vulnerability has been identified in Siemens RUGGEDCOM CROSSBOW, affecting all versions prior to V5.5. The affected product does not sufficiently sanitize input data before relaying it to the SQL server. An attacker could use this flaw to manipulate database queries, which could lead to a complete compromise of the database. Organizations running affected RUGGEDCOM CROSSBOW systems should prioritize immediate mitigation to safeguard their data and ensure database integrity.
Affected Version(s)
RUGGEDCOM CROSSBOW 0
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved