CVE-2023-27309

CVSS V2 None CVSS V3 None
Description
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.
Overview
  • CVE ID
  • CVE-2023-27309
  • Assigner
  • productcert@siemens.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-14T10:15:28
  • Last Modified Date
  • 2023-03-17T17:01:45
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:siemens:ruggedcom_crossbow:*:*:*:*:*:*:*:* 1 OR 5.2
References
Reference URL Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf Vendor Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 06:24:15 Added to TrackCVE
2023-04-17 06:24:17 Weakness Enumeration new