CVE-2024-27945

EPSS 2.41%
Published 14.05.2024 16:16:32
Last modified 06.02.2025 18:14:57
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Ruggedcom Crossbow Version < 5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.41%	0.844

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://cert-portal.siemens.com/productcert/html/ssa-916916.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27945

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27945

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27945

EUVD