Siemens Ruggedcom Crossbow

By the Year

In 2026 there has been 1 vulnerability in Siemens Ruggedcom Crossbow, with an average score of 8.8 out of ten. Last year, in 2025, Ruggedcom Crossbow had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Ruggedcom Crossbow in 2026 could surpass last year's number.




| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 1               | 8.80          |
| 2025 | 1               | 0.00          |
| 2024 | 9               | 7.59          |
| 2023 | 7               | 8.11          |
| 2022 | 1               | 0.00          |

It may take a day or so for new Ruggedcom Crossbow vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Siemens Ruggedcom Crossbow Security Vulnerabilities

Auth Admin Priv Escalation in RuggedCOM CROSSBOW SAM-P <5.8
CVE-2026-27668 8.8 - High - April 14, 2026

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level.

Incorrect Privilege Assignment

SQLite Memory Corrupt: Aggregates > Columns Before 3.50.2
CVE-2025-6965 - July 15, 2025

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Numeric Truncation Error

CVE-2024-27945: Ruggedcom Crossbow <5.5 Remote File Overwrite via Bulk Import
CVE-2024-27945 7.2 - High - May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allows a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution.

Unrestricted File Upload

RUGGEDCOM CROSSBOW <5.5 arbitrary file upload: code exec with system privs
CVE-2024-27939 9.8 - Critical - May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files by any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges.

AuthZ

Authenticated SQL Injection in Ruggedcom Crossbow <v5.5
CVE-2024-27940 8.8 - High - May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database.

SQL Injection

CVE-2024-27941: SQLi in RUGGEDCOM CROSSBOW (All < V5.5)
CVE-2024-27941 8.8 - High - May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database.

SQL Injection

RUGGEDCOM CROSSBOW <5.5 Unauth Client Disconnects Users (DoS)
CVE-2024-27942 7.5 - High - May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user from performing actions in the system, causing a denial of service situation.

Missing Authentication for Critical Function

Ruggedcom Crossbow <5.5: Privileged File Upload Enables RCE
CVE-2024-27943 7.2 - High - May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution.

Unrestricted File Upload

RCE via Firmware Upload in Ruggedcom Crossbow (<V5.5)
CVE-2024-27944 7.2 - High - May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution.

Unrestricted File Upload

RUGGEDCOM CROSSBOW < V5.5 Arbitrary File Overwrite via Specified Filename
CVE-2024-27946 6.5 - Medium - May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.

Directory traversal

Remote Log Forwarding Vulnerability in RUGGEDCOM CROSSBOW <5.5
CVE-2024-27947 5.3 - Medium - May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client.

Information Disclosure

SQLi in RUGGEDCOM CROSSBOW (<5.4) allowing remote authed elev
CVE-2023-27411 8.8 - High - August 08, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an authenticated remote attacker to execute arbitrary SQL queries on the server database and escalate privileges.

SQL Injection

Unauthenticated Remote SQL Injection in RUGGEDCOM CROSSBOW <5.4
CVE-2023-37372 9.8 - Critical - August 08, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

SQL Injection

RUGGEDCOM CROSSBOW <5.4 Unauthenticated Remote File Write
CVE-2023-37373 7.5 - High - August 08, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.

Missing Authentication for Critical Function

Ruggedcom CROSSBOW SQLi via Audit Log Form in < V5.3
CVE-2023-27463 8.8 - High - March 14, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database.

SQL Injection

Ruggedcom Crossbow <5.2 Client Query Handler PrivEsc
CVE-2023-27309 8.8 - High - March 14, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.

AuthZ

RUGGEDCOM CROSSBOW <= V5.2 Permissions Bypass for Assigning Admin Groups
CVE-2023-27310 8.8 - High - March 14, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.

AuthZ

Unprivileged Data Exposure in RuggedCom CROSSBOW <5.3 via Client Queries
CVE-2023-27462 4.3 - Medium - March 14, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.

AuthZ

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli
CVE-2022-0778 - March 15, 2022

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:

- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue.

In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
