CVE-2023-27309

CWE-862 — Missing Authorization3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 51.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Ruggedcom Crossbow

Timeline

PublishedMar 14

Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4

Affected Packages2 packages

▶NVDsiemens/ruggedcom_crossbow< 5.2

▶CVEListV5siemens/ruggedcom_crossbowAll versions < V5.2

🔴Vulnerability Details

GHSA

GHSA-rh9w-mh4f-p3x9: A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5↗2023-03-14

▶

CVEList

CVE-2023-27309: A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5↗2023-03-14

▶