Описание
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.
Уязвимость системы безопасного управления доступом к IED Siemens RUGGEDCOM CROSSBOW, позволяющая нарушителю перезаписать произвольные файлы в системе
EPSS
6.5 Medium
CVSS3