Siemens RUGGEDCOM CROSSBOW V5.3
Plan Patch | 8.8 | ICS-CERT ICSA-23-075-02 | Mar 14, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
RUGGEDCOM CROSSBOW before V5.3 contains two vulnerabilities (CWE-862: missing authorization, CWE-89: SQL injection) that allow authenticated remote attackers to access unauthorized data or execute arbitrary database queries. No known public exploits are active, but exploitation probability is documented.
What this means
What could happen
An attacker with valid credentials could query or modify the RUGGEDCOM CROSSBOW database, potentially accessing sensitive network configuration, alarm history, or operational data that could inform further attacks on your control network.
Who's at risk
Water utilities, power utilities, and municipalities using Siemens RUGGEDCOM CROSSBOW network appliances for industrial control system connectivity and security monitoring are affected. This device is typically deployed at the boundary between the control network and corporate network.
How it could be exploited
An attacker must first obtain valid credentials (engineering or operator account) for RUGGEDCOM CROSSBOW, then connect to the device over the network and inject SQL commands through the application interface to read or modify database contents.
Prerequisites
- Valid user credentials for RUGGEDCOM CROSSBOW (engineering or operator account)
- Network access to RUGGEDCOM CROSSBOW device
- Access to the application interface or API that processes database queries
Remotely exploitable | Requires valid credentials | Low complexity attack | Affects network monitoring/security appliance
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM CROSSBOW | <V5.3 | 5.3
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to RUGGEDCOM CROSSBOW using firewall rules; ensure the device is not accessible from the Internet or untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update RUGGEDCOM CROSSBOW to version 5.3 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate RUGGEDCOM CROSSBOW and other control system devices from business networks
HARDENING: Use VPN with current security updates for any required remote access to control system devices
CVEs (2)