CVE-2024-27939 CRITICAL

CVE-2024-27939

Vendor Siemens

Product RUGGEDCOM CROSSBOW

Weakness CWE-862 · Missing authorization

Published May 14, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges.

Key dates

02Disclosure timeline

May 14, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-27939 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2021-24779 WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update CVE-2025-63039 WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability CVE-2026-25395 WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability CVE-2025-68024 WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability CVE-2026-40098 OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant