CVE-2024-27944: Malicious File Upload
First published: Tue May 14 2024(Updated: )
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens RUGGEDCOM CROSSBOW | <5.5 | |
| Siemens RUGGEDCOM CROSSBOW | <5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-27944?
CVE-2024-27944 is classified as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2024-27944?
To address CVE-2024-27944, upgrade RUGGEDCOM CROSSBOW to version 5.5 or later.
What systems are affected by CVE-2024-27944?
CVE-2024-27944 affects all versions of RUGGEDCOM CROSSBOW prior to version 5.5.
What type of attacks can exploit CVE-2024-27944?
CVE-2024-27944 can be exploited to tamper with files or achieve remote code execution by uploading malicious firmware.
Who is the vendor of the software affected by CVE-2024-27944?
The vendor of the affected software is Siemens, specifically the RUGGEDCOM division.
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/ruggedcom
- canonical/siemens ruggedcom crossbow
- vendor/siemens