Vulnerabilities (CVE)

Filtered by vendor Siemens Subscribe
Filtered by product Ruggedcom Crossbow
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37373 1 Siemens 1 Ruggedcom Crossbow 2024-11-21 N/A 5.3 MEDIUM
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.
CVE-2023-37372 1 Siemens 1 Ruggedcom Crossbow 2024-11-21 N/A 9.8 CRITICAL
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database.
CVE-2023-27463 1 Siemens 1 Ruggedcom Crossbow 2024-11-21 N/A 8.8 HIGH
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database.
CVE-2023-27462 1 Siemens 1 Ruggedcom Crossbow 2024-11-21 N/A 3.1 LOW
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.
CVE-2023-27411 1 Siemens 1 Ruggedcom Crossbow 2024-11-21 N/A 8.8 HIGH
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges.
CVE-2023-27310 1 Siemens 1 Ruggedcom Crossbow 2024-11-21 N/A 6.6 MEDIUM
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.
CVE-2023-27309 1 Siemens 1 Ruggedcom Crossbow 2024-11-21 N/A 5.0 MEDIUM
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.