ГлавнаяУязвимости → CVE-2024-27940
8.8высокая

CVE-2024-27940

→ есть в БДУ: BDU:2024-10356 (на русском)
Описание (на английском; русское — в БДУ выше)

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database.

Затрагиваемое ПО
Siemens Ruggedcom crossbow
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://cert-portal.siemens.com/productcert/html/ssa-916916.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-916916.html