CVE-2023-27462

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 71.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Ruggedcom Crossbow

Timeline

PublishedMar 14

Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

▶NVDsiemens/ruggedcom_crossbow< 5.3

▶CVEListV5siemens/ruggedcom_crossbowAll versions < V5.3

🔴Vulnerability Details

CVEList

CVE-2023-27462: A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5↗2023-03-14

▶

GHSA

GHSA-345p-pc4m-43vp: A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5↗2023-03-14

▶