CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2024-38278
https://notcve.org/view.php?id=CVE-2024-38278
09 Jul 2024 — A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(... • https://cert-portal.siemens.com/productcert/html/ssa-170375.html • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-52237
https://notcve.org/view.php?id=CVE-2023-52237
09 Jul 2024 — A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, R... • https://cert-portal.siemens.com/productcert/html/ssa-170375.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27947
https://notcve.org/view.php?id=CVE-2024-27947
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados podrían permitir que los mensajes de registro se reenvíen a un cliente específico en determinadas c... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27946
https://notcve.org/view.php?id=CVE-2024-27946
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). La descarga de archivos sobrescribe los archivos con el mismo nombre en el directorio de inst... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27945
https://notcve.org/view.php?id=CVE-2024-27945
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). La función de importación masiva de los sistemas afectados permite a un usuario privilegiado... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-73: External Control of File Name or Path •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27944
https://notcve.org/view.php?id=CVE-2024-27944
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten a un usuario privilegiado cargar archivos de firmware en el directorio de inst... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-73: External Control of File Name or Path •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27943
https://notcve.org/view.php?id=CVE-2024-27943
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten a un usuario privilegiado cargar archivos genéricos en el directorio de instala... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-73: External Control of File Name or Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27942
https://notcve.org/view.php?id=CVE-2024-27942
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten que cualquier cliente no autenticado desconecte a cualquier usuario act... • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27941
https://notcve.org/view.php?id=CVE-2024-27941
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas cliente afectados no sanitizan adecuadamente los datos de entrada antes de enviarlos al servidor SQL. • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27940
https://notcve.org/view.php?id=CVE-2024-27940
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten que cualquier usuario autenticado envíe comandos SQL arbitrarios al servidor SQL. • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •