Siemens Ruggedcom Crossbow
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Siemens Ruggedcom Crossbow.
By the Year
In 2026 there have been 0 vulnerabilities in Siemens Ruggedcom Crossbow. Ruggedcom Crossbow did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 9 | 7.59 |
| 2023 | 7 | 8.11 |
It may take a day or so for new Ruggedcom Crossbow vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Siemens Ruggedcom Crossbow Security Vulnerabilities
Remote Log Forwarding Vulnerability in RUGGEDCOM CROSSBOW <5.5
CVE-2024-27947
5.3 - Medium
- May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client.
Information Disclosure
RUGGEDCOM CROSSBOW < V5.5 Arbitrary File Overwrite via Specified Filename
CVE-2024-27946
6.5 - Medium
- May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.
Directory traversal
CVE-2024-27945: Ruggedcom Crossbow <5.5 Remote File Overwrite via Bulk Import
CVE-2024-27945
7.2 - High
- May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
Unrestricted File Upload
RCE via Firmware Upload in Ruggedcom Crossbow (<V5.5)
CVE-2024-27944
7.2 - High
- May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
Unrestricted File Upload
Ruggedcom Crossbow <5.5: Privileged File Upload Enables RCE
CVE-2024-27943
7.2 - High
- May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
Unrestricted File Upload
RUGGEDCOM CROSSBOW <5.5 Unauth Client Disconnects Users (DoS)
CVE-2024-27942
7.5 - High
- May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation.
Missing Authentication for Critical Function
CVE-2024-27941: SQLi in RUGGEDCOM CROSSBOW (All < V5.5)
CVE-2024-27941
8.8 - High
- May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database.
SQL Injection
Authenticated SQL Injection in Ruggedcom Crossbow <v5.5
CVE-2024-27940
8.8 - High
- May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database.
SQL Injection
RUGGEDCOM CROSSBOW <5.5 arbitrary file upload: code exec with system privs
CVE-2024-27939
9.8 - Critical
- May 14, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges.
AuthZ
RUGGEDCOM CROSSBOW <5.4 Unauthenticated Remote File Write
CVE-2023-37373
7.5 - High
- August 08, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.
Missing Authentication for Critical Function
Unauthenticated Remote SQL Injection in RUGGEDCOM CROSSBOW <5.4
CVE-2023-37372
9.8 - Critical
- August 08, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database.
SQL Injection
SQLi in RUGGEDCOM CROSSBOW (<5.4) allowing remote authed elev
CVE-2023-27411
8.8 - High
- August 08, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges.
SQL Injection
Ruggedcom CROSSBOW SQLi via Audit Log Form in < V5.3
CVE-2023-27463
8.8 - High
- March 14, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database.
SQL Injection
Unprivileged Data Exposure in RuggedCom CROSSBOW <5.3 via Client Queries
CVE-2023-27462
4.3 - Medium
- March 14, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.
AuthZ
RUGGEDCOM CROSSBOW <= V5.2 Permissions Bypass for Assigning Admin Groups
CVE-2023-27310
8.8 - High
- March 14, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.
AuthZ
Ruggedcom Crossbow <5.2 Client Query Handler PrivEsc
CVE-2023-27309
8.8 - High
- March 14, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Siemens Ruggedcom Crossbow or by Siemens? Click the Watch button to subscribe.
