CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-27939
https://notcve.org/view.php?id=CVE-2024-27939
14 May 2024 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten la carga de archivos arbitrarios de cualquier usuario no autenticado. • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 148EXPL: 0CVE-2023-39269
https://notcve.org/view.php?id=CVE-2023-39269
08 Aug 2023 — A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGED... • https://cert-portal.siemens.com/productcert/pdf/ssa-770902.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37373
https://notcve.org/view.php?id=CVE-2023-37373
08 Aug 2023 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones inferiores a V5.4). Las aplicaciones afectadas aceptan mensajes de escritura de archivos no autenticados. • https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37372
https://notcve.org/view.php?id=CVE-2023-37372
08 Aug 2023 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones inferiores a V5.4). Las aplicaciones afectadas son vulnerables a la inyección SQL. • https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27411
https://notcve.org/view.php?id=CVE-2023-27411
08 Aug 2023 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges. Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones inferiores a V5.4). Las aplicaciones afectadas son vulnerables a la inyección SQL. • https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 148EXPL: 0CVE-2023-24845
https://notcve.org/view.php?id=CVE-2023-24845
08 Aug 2023 — A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGED... • https://cert-portal.siemens.com/productcert/pdf/ssa-908185.pdf • CWE-684: Incorrect Provision of Specified Functionality •
CVSS: 9.1EPSS: 0%CPEs: 22EXPL: 0CVE-2023-36755
https://notcve.org/view.php?id=CVE-2023-36755
11 Jul 2023 — A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), R... • https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 22EXPL: 0CVE-2023-36754
https://notcve.org/view.php?id=CVE-2023-36754
11 Jul 2023 — A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), R... • https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 22EXPL: 0CVE-2023-36753
https://notcve.org/view.php?id=CVE-2023-36753
11 Jul 2023 — A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), R... • https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 22EXPL: 0CVE-2023-36752
https://notcve.org/view.php?id=CVE-2023-36752
11 Jul 2023 — A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), R... • https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •