| CVE | CVE-2023-27310 |
| CVE Title | |
| Published Date | 2023-03-14T10:15Z |
| Modified Date | 2023-03-17T17:05Z |
| CWE Type | CWE-862 |
| CVSS 3.x | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Description | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts. |
| References | |
| By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
| Reference URL | https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf |
| Reference Description | MISC https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf |
| Reference Description | |
| Tags | Vendor Advisory |
| Sources | NIST MITRE |
