CVE-2024-27942

EPSS 0.43%
Veröffentlicht 14.05.2024 16:16:27
Zuletzt bearbeitet 06.02.2025 18:15:39
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Ruggedcom Crossbow Version < 5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.616

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
productcert@siemens.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://cert-portal.siemens.com/productcert/html/ssa-916916.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27942

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27942

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27942

EUVD