OTPulse

Siemens RUGGEDCOM CROSSBOW V5.2

Priority: Monitor · CVSS v3 base score 6.6 · ICS-CERT ICSA-23-075-03 · Mar 14, 2023
Attack Vector: Network
Auth Required: High (CVSS PR:H)
Complexity: High
User Interaction: None needed
Summary

RUGGEDCOM CROSSBOW V5.2 and earlier (the product table below lists "<V5.2"; see the remediation note on the fixed release) contains two vulnerabilities: CVE-2023-27309 lets an authenticated remote attacker perform actions they are not authorized for, and CVE-2023-27310 lets an authenticated attacker escalate privileges. Both carry the same rating: network-reachable, high attack complexity, high privileges required, no user interaction, and full impact on confidentiality, integrity and availability of the CROSSBOW server, which is what yields the 6.6 base score.

What this means
What could happen
An attacker who already holds high-privilege credentials for your RUGGEDCOM CROSSBOW installation could perform administrative actions outside their role or escalate to a higher privilege level. CROSSBOW is the secure access management platform that brokers and audits remote access to substation and plant field devices (IEDs, RTUs, switches and similar), so a compromise at this layer could mean changing access policies or device settings through the platform, disrupting the remote access path operators depend on, or reading sensitive data the platform holds.
Who's at risk
Operators of Siemens RUGGEDCOM CROSSBOW in electric power, water, manufacturing and other industrial settings, where it provides controlled, logged remote access to field devices across many remote sites, often as part of a NERC CIP compliance program. CROSSBOW is server software (the Secure Access Manager and Station Access Controller components) with a client application; it is not itself a router, so the exposure is the access-management layer that sits in front of the field devices rather than packet forwarding.
How it could be exploited
An attacker must first obtain legitimate high-privilege credentials, for example from a compromised administrator account or an engineering workstation that stores them. They then authenticate to the CROSSBOW server over the network and trigger the authorization flaw (CVE-2023-27309) or the privilege escalation flaw (CVE-2023-27310) to execute actions beyond their role or gain further control of the server. The high attack complexity rating means additional conditions must be met beyond simply logging in; the public advisory does not describe them.
Prerequisites
  • High-level administrative or engineering credentials for RUGGEDCOM CROSSBOW
  • Network reachability to the RUGGEDCOM CROSSBOW server's client/management interface
  • Knowledge of the specific exploitation technique (the high attack complexity rating indicates this is not trivial)
Tags: Remotely exploitable · Requires valid high-level credentials · High attack complexity · Affects secure remote access to field devices in industrial environments
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product              Affected Versions   Fix Status
RUGGEDCOM CROSSBOW   <V5.2               5.2
Remediation & Mitigation
Do now
WORKAROUND Restrict network access to the RUGGEDCOM CROSSBOW server (SAM/SAC) to the engineering and operations hosts that need it, using firewall rules and access control lists. Both vulnerabilities need network reach plus valid credentials, so removing reach from everything else removes one precondition outright.
HARDENING Enforce strong authentication and least-privilege role assignment for CROSSBOW administrative accounts, and harden the engineering workstations that hold those credentials, since a stolen high-privilege login is the entry point for both CVEs.
Schedule — requires maintenance window

Upgrading the CROSSBOW server may require a restart; plan for an interruption of the remote access sessions that run through it.

HOTFIX Update RUGGEDCOM CROSSBOW to the fixed release. Note that this page's own data conflicts: the product table lists 5.2 as the fix, while the summary treats V5.2 itself as affected. Treat the installed version as affected until the fixed release has been confirmed against ICSA-23-075-03 and the Siemens advisory it references.
HARDENING Monitor CROSSBOW audit logs for suspicious administrative activity: logins from outside the management networks, repeated failures followed by a success, role or permission changes (especially self-granted ones), and configuration changes outside approved change windows.
Long-term hardening
HARDENING Implement network segmentation so that the RUGGEDCOM CROSSBOW server and the field devices it brokers access to are isolated from business networks and the Internet, and reachable only through defined management paths.