CVE-2024-27946

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 42.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Ruggedcom Crossbow

Timeline

PublishedMay 14

Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5siemens/ruggedcom_crossbow< V5.5

▶NVDsiemens/ruggedcom_crossbow< 5.5

🔴Vulnerability Details

CVEList

CVE-2024-27946: A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5↗2024-05-14

▶

GHSA

GHSA-rw6c-wwr4-qgm6: A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5↗2024-05-14

▶