cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-27947,https://securityvulnerability.io/vulnerability/CVE-2024-27947,Log Message Forwarding Vulnerability Affects RUGGEDCOM CROSSBOW Systems,A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client.,Siemens,Ruggedcom Crossbow,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T10:02:16.725Z,0
CVE-2024-27946,https://securityvulnerability.io/vulnerability/CVE-2024-27946,Arbitrary File Overwrite Vulnerability in RUGGEDCOM CROSSBOW,"A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.",Siemens,Ruggedcom Crossbow,6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-05-14T10:02:15.551Z,0
CVE-2024-27945,https://securityvulnerability.io/vulnerability/CVE-2024-27945,Bulk Import Vulnerability Affects RUGGEDCOM CROSSBOW Systems,"A significant vulnerability exists in all versions of RUGGEDCOM CROSSBOW prior to v5.5, which affects its bulk import feature. This vulnerability allows a privileged user to upload files directly to the root installation directory of the system. By exploiting this flaw, an attacker has the potential to replace critical system files, leading to unauthorized modification, data corruption, or even enabling remote code execution. Organizations using the affected versions are advised to review their permissions and upgrade to the latest version to mitigate these security risks.",Siemens,Ruggedcom Crossbow,7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T10:02:14.365Z,0
CVE-2024-27944,https://securityvulnerability.io/vulnerability/CVE-2024-27944,Privileged User Firmware Upload Vulnerability Affects RUGGEDCOM CROSSBOW Systems,"A vulnerable aspect of RUGGEDCOM CROSSBOW systems exists that permits a privileged user to upload firmware files directly to the root installation directory. This exposure could enable an attacker to manipulate critical system files, potentially leading to unauthorized access and remote code execution. Organizations using versions of RUGGEDCOM CROSSBOW earlier than V5.5 should prioritize remediating this vulnerability to safeguard their systems.",Siemens,Ruggedcom Crossbow,7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T10:02:13.176Z,0
CVE-2024-27943,https://securityvulnerability.io/vulnerability/CVE-2024-27943,Privileged File Upload Vulnerability Affects RUGGEDCOM CROSSBOW Systems,"A vulnerability exists in RUGGEDCOM CROSSBOW that allows a privileged user to upload arbitrary files to the root installation directory. This flaw can be exploited by replacing critical files, which poses a significant risk of file tampering and may lead to unauthorized remote code execution. Organizations using versions of RUGGEDCOM CROSSBOW prior to version 5.5 are advised to take immediate action to mitigate this security risk.",Siemens,Ruggedcom Crossbow,7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T10:02:11.931Z,0
CVE-2024-27942,https://securityvulnerability.io/vulnerability/CVE-2024-27942,Unauthenticated Disconnection of Active Users Causes Denial of Service,"A vulnerability has been identified in RUGGEDCOM CROSSBOW that allows unauthenticated clients to disconnect active users from the server. This manipulation can lead to a denial of service, interrupting normal operations and preventing legitimate users from interacting with the system. All versions prior to V5.5 are affected, posing a risk to network stability and security.",Siemens,Ruggedcom Crossbow,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T10:02:10.764Z,0
CVE-2024-27941,https://securityvulnerability.io/vulnerability/CVE-2024-27941,Crossbow Vulnerability Could Compromise Database,"A vulnerability has been detected in the RUGGEDCOM CROSSBOW product by Siemens, notably affecting all versions prior to V5.5. The flaw arises from insufficient input data sanitization before it is relayed to the SQL server. This oversight allows potential attackers to manipulate database queries, which could lead to a complete compromise of the database. Organizations using the affected RUGGEDCOM CROSSBOW systems should prioritize immediate mitigation strategies to safeguard their data assets and ensure database integrity.",Siemens,Ruggedcom Crossbow,8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T10:02:09.602Z,0
CVE-2024-27940,https://securityvulnerability.io/vulnerability/CVE-2024-27940,Arbitrary SQL Command Vulnerability Affects RUGGEDCOM CROSSBOW Systems,"A vulnerability exists in RUGGEDCOM CROSSBOW that allows any authenticated user to execute arbitrary SQL commands against the SQL server. This exploitation can lead to unauthorized access to the database, potentially compromising sensitive data and the integrity of the entire database system. All versions prior to 5.5 are affected, making it crucial for organizations utilizing this product to implement necessary security measures to mitigate potential threats.",Siemens,Ruggedcom Crossbow,8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T10:02:08.412Z,0
CVE-2024-27939,https://securityvulnerability.io/vulnerability/CVE-2024-27939,Arbitrary File Upload Vulnerability Affects RUGGEDCOM CROSSBOW Systems,"A significant vulnerability has been discovered in RUGGEDCOM CROSSBOW versions prior to 5.5, which permits unauthenticated users to upload arbitrary files. This security flaw opens avenues for attackers to execute arbitrary code with system privileges, potentially compromising the integrity and functionality of affected systems. Organizations utilizing these systems should take immediate action to assess their exposure to this vulnerability and implement the necessary security measures.",Siemens,Ruggedcom Crossbow,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T10:02:07.190Z,0
CVE-2023-27411,https://securityvulnerability.io/vulnerability/CVE-2023-27411,SQL Injection Vulnerability in RUGGEDCOM CROSSBOW by Siemens,"A vulnerability exists in RUGGEDCOM CROSSBOW, affecting all versions prior to V5.4, that allows authenticated remote attackers to exploit SQL injection flaws. This could empower them to execute unauthorized SQL commands on the database, potentially leading to privilege escalation. Organizations using this application must address the weakness to safeguard against unauthorized access and data manipulation.",Siemens,RUGGEDCOM CROSSBOW,8.8,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2023-08-08T10:15:00.000Z,0
CVE-2023-37372,https://securityvulnerability.io/vulnerability/CVE-2023-37372,SQL Injection Vulnerability in RUGGEDCOM CROSSBOW by Siemens,"A security vulnerability has been discovered in RUGGEDCOM CROSSBOW that allows unauthenticated remote attackers to perform SQL injection. This flaw permits attackers to execute arbitrary SQL queries on the server's database, potentially leading to unauthorized access to sensitive data. Users of all RUGGEDCOM CROSSBOW versions prior to V5.4 are advised to apply the necessary security updates and configurations to mitigate this risk.",Siemens,RUGGEDCOM CROSSBOW,9.8,CRITICAL,0.0009800000116229057,false,false,false,false,,false,false,2023-08-08T10:15:00.000Z,0
CVE-2023-37373,https://securityvulnerability.io/vulnerability/CVE-2023-37373,Unauthenticated File Write Vulnerability in RUGGEDCOM CROSSBOW by Siemens,"A vulnerability has been discovered in RUGGEDCOM CROSSBOW that allows an unauthenticated remote attacker to send malicious file write messages. This could enable the attacker to write arbitrary files to the application’s file system, potentially leading to unauthorized access and system compromise. Organizations utilizing affected versions should address this vulnerability promptly to enhance their cybersecurity posture.",Siemens,RUGGEDCOM CROSSBOW,7.5,HIGH,0.001129999989643693,false,false,false,false,,false,false,2023-08-08T10:15:00.000Z,0
CVE-2023-27463,https://securityvulnerability.io/vulnerability/CVE-2023-27463,SQL Injection Vulnerability in RUGGEDCOM CROSSBOW by Siemens,"A vulnerability exists in RUGGEDCOM CROSSBOW that enables authenticated remote attackers to exploit the audit log feature of the application through SQL injection. This flaw allows attackers to execute arbitrary SQL commands on the database, potentially leading to unauthorized data access or manipulation. It is crucial for users of affected versions to apply updates to secure their systems against this threat.",Siemens,RUGGEDCOM CROSSBOW,8.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2023-03-14T10:15:00.000Z,0
CVE-2023-27309,https://securityvulnerability.io/vulnerability/CVE-2023-27309,Permission Misconfiguration in RUGGEDCOM CROSSBOW by Siemens,"A vulnerability exists in RUGGEDCOM CROSSBOW prior to version 5.2, where the client query handler inadequately verifies permissions for certain write queries. This shortcoming allows an authenticated remote attacker to execute unauthorized actions within the system, potentially compromising security and operational integrity.",Siemens,RUGGEDCOM CROSSBOW,8.8,HIGH,0.0018400000408291817,false,false,false,false,,false,false,2023-03-14T10:15:00.000Z,0
CVE-2023-27310,https://securityvulnerability.io/vulnerability/CVE-2023-27310,Authorization Bypass Vulnerability in RUGGEDCOM CROSSBOW by Siemens,"An authorization bypass vulnerability exists in RUGGEDCOM CROSSBOW due to inadequate permission checks in the client query handler. This flaw allows an authenticated remote attacker to assign administrative privileges to non-privileged user accounts, potentially compromising network security. Organizations using affected versions should implement immediate security measures to mitigate risk.",Siemens,RUGGEDCOM CROSSBOW,8.8,HIGH,0.0018400000408291817,false,false,false,false,,false,false,2023-03-14T10:15:00.000Z,0
CVE-2023-27462,https://securityvulnerability.io/vulnerability/CVE-2023-27462,,A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.,Siemens,RUGGEDCOM CROSSBOW,4.3,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2023-03-14T10:15:00.000Z,0