CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27947
https://notcve.org/view.php?id=CVE-2024-27947
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados podrían permitir que los mensajes de registro se reenvíen a un cliente específico en determinadas c... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27946
https://notcve.org/view.php?id=CVE-2024-27946
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). La descarga de archivos sobrescribe los archivos con el mismo nombre en el directorio de inst... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27945
https://notcve.org/view.php?id=CVE-2024-27945
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). La función de importación masiva de los sistemas afectados permite a un usuario privilegiado... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-73: External Control of File Name or Path •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27944
https://notcve.org/view.php?id=CVE-2024-27944
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten a un usuario privilegiado cargar archivos de firmware en el directorio de inst... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-73: External Control of File Name or Path •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27943
https://notcve.org/view.php?id=CVE-2024-27943
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten a un usuario privilegiado cargar archivos genéricos en el directorio de instala... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-73: External Control of File Name or Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27942
https://notcve.org/view.php?id=CVE-2024-27942
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten que cualquier cliente no autenticado desconecte a cualquier usuario act... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27941
https://notcve.org/view.php?id=CVE-2024-27941
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas cliente afectados no sanitizan adecuadamente los datos de entrada antes de enviarlos al servidor SQL. • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27940
https://notcve.org/view.php?id=CVE-2024-27940
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten que cualquier usuario autenticado envíe comandos SQL arbitrarios al servidor SQL. • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27939
https://notcve.org/view.php?id=CVE-2024-27939
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten la carga de archivos arbitrarios de cualquier usuario no autenticado. • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37373
https://notcve.org/view.php?id=CVE-2023-37373
08 Aug 2023 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones inferiores a V5.4). Las aplicaciones afectadas aceptan mensajes de escritura de archivos no autenticados. • https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf • CWE-306: Missing Authentication for Critical Function •