CVE-2024-27946

{"id": "CVE-2024-27946", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2024-05-14T16:16:33.783", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the \r\ninstallation directory of the affected systems. The filename for \r\nthe target file can be specified, thus arbitrary files can be \r\noverwritten by an attacker with the required privileges."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en RUGGEDCOM CROSSBOW (Todas las versiones &lt; V5.5). La descarga de archivos sobrescribe los archivos con el mismo nombre en el directorio de instalaci\u00f3n de los sistemas afectados. Se puede especificar el nombre del archivo de destino, por lo que un atacante con los privilegios necesarios puede sobrescribir archivos arbitrarios."}], "lastModified": "2024-11-21T09:05:28.653", "sourceIdentifier": "productcert@siemens.com"}