CVE-2024-27945

high

Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-10

https://cert-portal.siemens.com/productcert/html/ssa-916916.html

Details

Source: Mitre, NVD

Published: 2024-05-14

Updated: 2024-05-14

Risk Information

CVSS v2

Base Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:P/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H