CVE-2023-37373 MEDIUM

CVE-2023-37373

Vendor Siemens
Product RUGGEDCOM CROSSBOW
Weakness CWE-306 · Missing auth
Published August 8, 2023
Last update February 27, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.

Key dates

02Disclosure timeline

August 8, 2023 CVE published
February 27, 2025 Record updated