CVE-2024-27946: Path Traversal
First published: Tue May 14 2024(Updated: )
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens RUGGEDCOM CROSSBOW | <5.5 | |
| Siemens RUGGEDCOM CROSSBOW | <5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-27946?
CVE-2024-27946 has been rated as a high-severity vulnerability.
How do I fix CVE-2024-27946?
To fix CVE-2024-27946, upgrade RUGGEDCOM CROSSBOW to version 5.5 or later.
What impact does CVE-2024-27946 have on RUGGEDCOM CROSSBOW?
CVE-2024-27946 allows attackers to overwrite arbitrary files within the installation directory.
Which versions of RUGGEDCOM CROSSBOW are affected by CVE-2024-27946?
All versions of RUGGEDCOM CROSSBOW prior to version 5.5 are affected by CVE-2024-27946.
Is there any workaround for CVE-2024-27946?
There are no documented workarounds for CVE-2024-27946; upgrading is the recommended solution.
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/ruggedcom
- canonical/siemens ruggedcom crossbow
- vendor/siemens