CVE-2023-27310 MEDIUM

CVE-2023-27310

Vendor Siemens

Product RUGGEDCOM CROSSBOW

Weakness CWE-862 · Missing authorization

Published March 14, 2023

Last update February 27, 2025

View on NVD All CVEs

CVSS base score

6.6/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.

Key dates

02Disclosure timeline

March 14, 2023 CVE published

February 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-27310 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-39413 WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin <= 3.6.0 - Broken Access Control vulnerability CVE-2024-33587 WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Control vulnerability CVE-2025-52801 WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability CVE-2023-0715 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API