CVE-2023-27309 MEDIUM

CVE-2023-27309

Vendor Siemens

Product RUGGEDCOM CROSSBOW

Weakness CWE-862 · Missing authorization

Published March 14, 2023

Last update February 27, 2025

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.

Key dates

02Disclosure timeline

March 14, 2023 CVE published

February 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-27309 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2024-32144 WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability CVE-2022-2657 Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls CVE-2020-36667 JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change CVE-2025-57957 WordPress WooMS Plugin <= 9.12 - Broken Access Control Vulnerability CVE-2025-26661 Missing Authorization check in SAP NetWeaver (ABAP Class Builder)