CVE-2023-27310

CWE-862 — Missing Authorization3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 53.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Ruggedcom Crossbow

Timeline

PublishedMar 14

Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages2 packages

▶NVDsiemens/ruggedcom_crossbow< 5.2

▶CVEListV5siemens/ruggedcom_crossbowAll versions < V5.2

🔴Vulnerability Details

GHSA

GHSA-g658-w8fr-782c: A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5↗2023-03-14

▶

CVEList

CVE-2023-27310: A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5↗2023-03-14

▶