CVE-2023-37373
https://notcve.org/view.php?id=CVE-2023-37373
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system. • https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf • CWE-306: Missing Authentication for Critical Function
CVE-2023-37372
https://notcve.org/view.php?id=CVE-2023-37372
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. • https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-27411
https://notcve.org/view.php?id=CVE-2023-27411
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications are vulnerable to SQL injection. This could allow an authenticated remote attacker to execute arbitrary SQL queries on the server database and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-27463
https://notcve.org/view.php?id=CVE-2023-27463
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. • https://cert-portal.siemens.com/productcert/pdf/ssa-320629.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-27462
https://notcve.org/view.php?id=CVE-2023-27462
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for. • https://cert-portal.siemens.com/productcert/pdf/ssa-320629.pdf • CWE-862: Missing Authorization