CVE-2024-27945
EUVD-2024-2511914.05.2024, 16:16
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| siemens | ruggedcom_crossbow | 𝑥 < 5.5 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| siemens | ruggedcom_crossbow | - ≤ 𝑥 < 5.5 | ADP |
Common Weakness Enumeration
- CWE-73 - External Control of File Name or PathThe software allows user input to control or influence paths or file names that are used in filesystem operations.
- CWE-434 - Unrestricted Upload of File with Dangerous TypeThe software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.