CVE-2024-27943

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-916916.html	Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-916916.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:ruggedcom_crossbow:*:*:*:*:*:*:*:*

History

06 Feb 2025, 18:15

Type	Values Removed	Values Added
First Time		Siemens ruggedcom Crossbow Siemens
CPE		cpe:2.3:a:siemens:ruggedcom_crossbow::::::::
CWE		CWE-434
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-916916.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-916916.html - Vendor Advisory

21 Nov 2024, 09:05

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten a un usuario privilegiado cargar archivos genéricos en el directorio de instalación raíz del sistema. Al reemplazar archivos específicos, un atacante podría alterar archivos específicos o incluso lograr la ejecución remota de código.
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-916916.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-916916.html -

14 May 2024, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 16:16

Updated : 2025-02-06 18:15

NVD link : CVE-2024-27943

Mitre link : CVE-2024-27943

CVE.ORG link : CVE-2024-27943

JSON object : View

Products Affected

siemens

ruggedcom_crossbow

CWE

CWE-73

External Control of File Name or Path

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-27943", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-05-14T16:16:28.537", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-73"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones < V5.5). Los sistemas afectados permiten a un usuario privilegiado cargar archivos gen\u00e9ricos en el directorio de instalaci\u00f3n ra\u00edz del sistema. Al reemplazar archivos espec\u00edficos, un atacante podr\u00eda alterar archivos espec\u00edficos o incluso lograr la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-02-06T18:15:25.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:ruggedcom_crossbow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5984B129-3702-4DA7-AEA9-4B538CFE5E40", "versionEndExcluding": "5.5"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}