CVE-2024-27939

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-916916.html	Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-916916.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:ruggedcom_crossbow:*:*:*:*:*:*:*:*

History

06 Feb 2025, 18:16

Type	Values Removed	Values Added
First Time		Siemens ruggedcom Crossbow Siemens
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-916916.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-916916.html - Vendor Advisory
CPE		cpe:2.3:a:siemens:ruggedcom_crossbow::::::::

21 Nov 2024, 09:05

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten la carga de archivos arbitrarios de cualquier usuario no autenticado. Un atacante podría aprovechar esta vulnerabilidad y lograr la ejecución de código arbitrario con privilegios del sistema.
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-916916.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-916916.html -

14 May 2024, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 16:16

Updated : 2025-02-06 18:16

NVD link : CVE-2024-27939

Mitre link : CVE-2024-27939

CVE.ORG link : CVE-2024-27939

JSON object : View

Products Affected

siemens

ruggedcom_crossbow

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-27939", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-05-14T16:16:23.443", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten la carga de archivos arbitrarios de cualquier usuario no autenticado. Un atacante podr\u00eda aprovechar esta vulnerabilidad y lograr la ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios del sistema."}], "lastModified": "2025-02-06T18:16:36.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:ruggedcom_crossbow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5984B129-3702-4DA7-AEA9-4B538CFE5E40", "versionEndExcluding": "5.5"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}