Privileged File Upload Vulnerability Affects RUGGEDCOM CROSSBOW Systems
CVE-2024-27943

7.2HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Crossbow
Vendor: CVE Published:; 14 May 2024

Summary

A vulnerability exists in RUGGEDCOM CROSSBOW that allows a privileged user to upload arbitrary files to the root installation directory. This flaw can be exploited by replacing critical files, which poses a significant risk of file tampering and may lead to unauthorized remote code execution. Organizations using versions of RUGGEDCOM CROSSBOW prior to version 5.5 are advised to take immediate action to mitigate this security risk.

Affected Version(s)

RUGGEDCOM CROSSBOW 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9169...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Feb 28, 2024