CVE-2024-27943

7.2 HIGH

📋 TL;DR

This vulnerability in RUGGEDCOM CROSSBOW allows privileged users to upload arbitrary files to the system's root installation directory. By replacing specific files, attackers can tamper with system functionality or achieve remote code execution. All versions before V5.5 are affected.

💻 Affected Systems

Products:
  • RUGGEDCOM CROSSBOW
Versions: All versions < V5.5
Operating Systems: Not specified - likely embedded industrial OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires privileged user access to exploit. Industrial control systems using this software are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, or disruption of industrial control operations.

🟠 Likely Case: File tampering and privilege escalation allowing attackers to modify system behavior or gain persistent access.

🟢 If Mitigated: Limited impact if proper access controls and monitoring prevent unauthorized file uploads.

🌐 Internet-Facing: MEDIUM - Requires privileged user access but could be exploited if systems are exposed.
🏢 Internal Only: HIGH - Internal privileged users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires privileged user credentials. File upload functionality is the attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V5.5

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-916916.html

Restart Required: Yes

Instructions:

1. Download V5.5 from Siemens support portal.
2. Backup current configuration.
3. Apply the update following Siemens documentation.
4. Restart the system.
5. Verify successful update.

🔧 Temporary Workarounds

Restrict privileged user access

Limit privileged user accounts to only trusted personnel and implement strict access controls.

Monitor file upload activities

Implement logging and monitoring for file upload operations to the root installation directory.

🧯 If You Can't Patch

  • Implement network segmentation to isolate affected systems from untrusted networks.
  • Enforce least privilege access controls and regularly audit privileged user activities.

🔍 How to Verify

Check if Vulnerable:

Check the CROSSBOW software version in the system administration interface.

Check Version:

Check via CROSSBOW web interface or administrative console (no specific CLI command provided).

Verify Fix Applied:

Confirm version is V5.5 or higher in the system administration interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activities to root installation directory
  • Privileged user account anomalies
  • File modification timestamps on system files

Network Indicators:

  • Unexpected network connections from CROSSBOW system
  • File transfer protocols to/from the system

SIEM Query:

source="crossbow" AND (event="file_upload" OR event="file_modify") AND path="*/installation/*"
