
CVE-2023-27462
https://notcve.org/view.php?id=CVE-2023-27462
14 Mar 2023 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for. • https://cert-portal.siemens.com/productcert/pdf/ssa-320629.pdf • CWE-862: Missing Authorization •

CVE-2023-27310
https://notcve.org/view.php?id=CVE-2023-27310
14 Mar 2023 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts. • https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf • CWE-862: Missing Authorization •

CVE-2023-27309
https://notcve.org/view.php?id=CVE-2023-27309
14 Mar 2023 — A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions. • https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf • CWE-862: Missing Authorization •

CVE-2022-46140
https://notcve.org/view.php?id=CVE-2022-46140
13 Dec 2022 — Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. • https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2022-46142
https://notcve.org/view.php?id=CVE-2022-46142
13 Dec 2022 — Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. • https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf • CWE-257: Storing Passwords in a Recoverable Format • CWE-522: Insufficiently Protected Credentials •

CVE-2022-46143
https://notcve.org/view.php?id=CVE-2022-46143
13 Dec 2022 — Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data. • https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf • CWE-1284: Improper Validation of Specified Quantity in Input •

CVE-2022-31766
https://notcve.org/view.php?id=CVE-2022-31766
11 Oct 2022 — A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (Al... • https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf • CWE-20: Improper Input Validation •

CVE-2022-39158
https://notcve.org/view.php?id=CVE-2022-39158
13 Sep 2022 — Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. This could allow a remote attacker to create a denial of service condition that persists until the attack ends. A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDC... • https://cert-portal.siemens.com/productcert/pdf/ssa-459643.pdf • CWE-400: Uncontrolled Resource Consumption •

CVE-2022-34663
https://notcve.org/view.php?id=CVE-2022-34663
12 Jul 2022 — A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGED... • https://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-29560
https://notcve.org/view.php?id=CVE-2022-29560
12 Jul 2022 — A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM R... • https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •