CVE-2023-27411

Name of the Vulnerable Software and Affected Versions RUGGEDCOM CROSSBOW versions prior to V5.4

Description A vulnerability has been identified that allows authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges. The issue is related to the lack of protection of the SQL query structure, which could be exploited by a remote attacker to perform malicious actions.

Recommendations For versions prior to V5.4, update to version V5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the database and limiting privileges to minimize the risk of exploitation.