CVE-2024-27940

Name of the Vulnerable Software and Affected Versions RUGGEDCOM CROSSBOW versions prior to V5.5

Description The issue is related to the lack of protection against SQL query structure manipulation. This allows a remote attacker to execute arbitrary SQL queries. The affected systems permit any authenticated user to send arbitrary SQL commands to the SQL server, which could be used to compromise the entire database.

Recommendations For versions prior to V5.5, update to version V5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL server to minimize the risk of exploitation. Avoid using the SQL server for sensitive operations until the issue is resolved.