CVE-2023-27310
First published: Tue Mar 14 2023(Updated: )
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Ruggedcom Crossbow | <5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-27310?
CVE-2023-27310 is a vulnerability identified in RUGGEDCOM CROSSBOW (All versions < V5.2).
How severe is CVE-2023-27310?
CVE-2023-27310 has a severity rating of 8.8 (high).
What is the affected software of CVE-2023-27310?
The affected software of CVE-2023-27310 is Siemens Ruggedcom Crossbow (All versions < V5.2).
What is the CWE of CVE-2023-27310?
The CWE of CVE-2023-27310 is 862.
How can I fix CVE-2023-27310?
To fix CVE-2023-27310, update your RUGGEDCOM CROSSBOW software to version 5.2 or higher.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens ruggedcom crossbow