Security Vulnerabilities - CVEs Published In May 2024
A local attacker with low privileges can use a command injection vulnerability to gain root
privileges due to improper input validation using the OCPP Remote service.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-05-14
A low privileged remote attacker can use a command injection vulnerability in the API which performs
remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected.
CVSS Score
5.0
EPSS Score
0.007
Published
2024-05-14
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based
management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.
CVSS Score
7.0
EPSS Score
0.005
Published
2024-05-14
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root
privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-05-14
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-05-14
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the
installation directory of the affected systems. The filename for
the target file can be specified, thus arbitrary files can be
overwritten by an attacker with the required privileges.
CVSS Score
6.5
EPSS Score
0.004
Published
2024-05-14
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.024
Published
2024-05-14
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.024
Published
2024-05-14
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.022
Published
2024-05-14
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-05-14