CVE-2023-27462

2023-03-1410:15:29

CWE-862

[email protected]

web.nvd.nist.gov

vulnerability

ruggedcom crossbow

authenticated remote attackers

data access

nvd

cve-2023-27462

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.9 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.8%

JSON

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.

Affected configurations

NVD

Node

siemensruggedcom_crossbowRange<5.3

CPENameOperatorVersion
siemens:ruggedcom_crossbowsiemens ruggedcom crossbowlt5.3

CPE	Name	Operator	Version
siemens:ruggedcom_crossbow	siemens ruggedcom crossbow	lt	5.3

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM CROSSBOW",
    "versions": [
      {
        "version": "All versions < V5.3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]