CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27463
https://notcve.org/view.php?id=CVE-2023-27463
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. • https://cert-portal.siemens.com/productcert/pdf/ssa-320629.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27462
https://notcve.org/view.php?id=CVE-2023-27462
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for. • https://cert-portal.siemens.com/productcert/pdf/ssa-320629.pdf • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27310
https://notcve.org/view.php?id=CVE-2023-27310
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts. • https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27309
https://notcve.org/view.php?id=CVE-2023-27309
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions. • https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 202EXPL: 0CVE-2022-46140
https://notcve.org/view.php?id=CVE-2022-46140
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. Los dispositivos afectados utilizan un esquema de cifrado débil para cifrar el archivo zip de depuración. Esto podría permitir a un atacante autenticado descifrar el contenido del archivo y recuperar información de depuración sobre el sistema. • https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •