CVE-2024-27945

7.2 HIGH

📋 TL;DR

This vulnerability in RUGGEDCOM CROSSBOW allows privileged users to upload files to the root installation directory via the bulk import feature. Attackers could replace specific files to tamper with system functionality or achieve remote code execution. All versions before V5.5 are affected.

💻 Affected Systems

Products:
  • RUGGEDCOM CROSSBOW
Versions: All versions < V5.5
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: Requires privileged user access to exploit the bulk import feature.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or disruption of industrial operations.

🟠 Likely Case

Privileged users abusing legitimate functionality to upload malicious files, potentially leading to system tampering or limited code execution.

🟢 If Mitigated

Unauthorized file uploads blocked, with proper access controls preventing exploitation even if vulnerability exists.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires privileged user credentials to access the bulk import feature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V5.5

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-916916.html

Restart Required: Yes

Instructions:

1. Download RUGGEDCOM CROSSBOW V5.5 from Siemens support portal.
2. Backup current configuration.
3. Install the update following Siemens documentation.
4. Restart the system.
5. Verify successful update.

🔧 Temporary Workarounds

Disable bulk import feature (platform: all)

Temporarily disable the bulk import functionality until patching is possible.

Refer to Siemens documentation for feature disablement procedures.

Restrict privileged user access (platform: all)

Limit the number of users with administrative privileges to only essential personnel.

Review and reduce administrative user accounts.

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for privileged users
  • Deploy network segmentation to isolate affected systems from critical networks

🔍 How to Verify

Check if Vulnerable:

Check RUGGEDCOM CROSSBOW version in system administration interface or via CLI commands.

Check Version:

Refer to Siemens documentation for version checking commands specific to RUGGEDCOM CROSSBOW.

Verify Fix Applied:

Confirm system version is V5.5 or later in administration interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual bulk import activity
  • File uploads to root directories
  • Privileged user account anomalies

Network Indicators:

  • Unexpected connections from RUGGEDCOM systems
  • Anomalous file transfer patterns

SIEM Query:

source="RUGGEDCOM" AND (event="bulk_import" OR event="file_upload")
