CVE-2023-27309
Vulnerability from cvelistv5
Published
2023-03-14 09:31
Modified
2024-08-02 12:09
Severity
Summary
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.
References
Source | URL | Tags |
---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf | Vendor Advisory |
Impacted products
Vendor | Product |
---|---|
Siemens | RUGGEDCOM CROSSBOW |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM CROSSBOW", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions \u003c V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:57.134Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-27309", "datePublished": "2023-03-14T09:31:57.134Z", "dateReserved": "2023-02-28T09:05:35.296Z", "dateUpdated": "2024-08-02T12:09:43.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-27309\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2023-03-14T10:15:28.677\",\"lastModified\":\"2023-03-17T17:01:45.057\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions \u003c V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:ruggedcom_crossbow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2\",\"matchCriteriaId\":\"C0C5F255-C56D-4F50-BFA1-5FAA4A3856F7\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...