Lucene search

SiemensCVELIST:CVE-2023-37373

HistoryAug 08, 2023 - 9:20 a.m.

CVE-2023-37373

2023-08-0809:20:28

CWE-306

siemens

www.cve.org

cve-2023-37373

vulnerability

ruggedcom crossbow

unauthenticated

remote

file write

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application’s file system.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM CROSSBOW",
    "versions": [
      {
        "version": "All versions < V5.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

Related for CVELIST:CVE-2023-37373