This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.ĬVE-2023-27310 has been assigned to this vulnerability. The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts.
A CVSS v3 base score of 5.0 has been assigned the CVSS vector string is ( AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L). This could allow an authenticated remote attacker to perform unauthorized actions.ĬVE-2023-27309 has been assigned to this vulnerability. The client query handler of the affected application fails to check for proper permissions for specific write queries. Siemens RUGGEDCOM CROSSBOW: All versions prior to V5.2.The following software from Siemens is affected: Successful exploitation of these vulnerabilities could allow authenticated remote attackers to perform unauthorized actions. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory.
0 kommentar(er)
