OTPulse

Siemens RUGGEDCOM CROSSBOW

Severity: Act Now · CVSS 9.8 · ICS-CERT ICSA-23-222-05 · Aug 8, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The RUGGEDCOM CROSSBOW server application before V5.4 contains multiple vulnerabilities that allow arbitrary SQL injection against its database, denial-of-service conditions, and arbitrary file writes to the application file system. All of them are remotely exploitable with low attack complexity and require no authentication.

What this means
What could happen
An unauthenticated attacker with network reach to the server could run arbitrary SQL against the CROSSBOW database, write files of their choosing to the server's file system, or crash the service. In practice that means tampering with managed-device and access records, disabling device management, or causing an outage, any of which could prevent legitimate administration of the field devices that CROSSBOW fronts across your industrial control network.
Who's at risk
Operators running the Siemens RUGGEDCOM CROSSBOW server application, Siemens' secure access management software for RUGGEDCOM switches, routers and other field devices in industrial automation and critical infrastructure. It is commonly deployed in electric utility, water treatment, oil & gas, and manufacturing environments as the central point through which administrators reach substation and plant-floor equipment, which is what makes an unauthenticated compromise of it so consequential.
How it could be exploited
An attacker with network reach to the CROSSBOW server sends crafted requests that the server application passes to its database or file system without adequate validation. Depending on the flaw hit, the attacker can run arbitrary database queries, write a file to a location of their choosing on the server, or trigger a denial of service. None of the three requires credentials.
Prerequisites
  • Network access to the RUGGEDCOM CROSSBOW server application (typically port 80/443 for the web interface; confirm the actual listening ports in your own deployment)
  • No authentication credentials required
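The two input-handling failures named under "How it could be exploited", unvalidated SQL and unvalidated file paths, are easier to recognise in code than in prose. The following is an added, generic illustration in Python (not RUGGEDCOM CROSSBOW code, and not an exploit for it): a string-built query beside its parameterized form, and the base-directory check that an "arbitrary file write" flaw lacks. The table, sample rows, function names and the payload are constructed for the demonstration.

```python
"""Generic illustration of SQL injection and unconfined file writes.
Added example, not RUGGEDCOM CROSSBOW code; the table, sample rows,
function names and payload are constructed for the demonstration."""
import sqlite3
from pathlib import Path

PAYLOAD = "' OR '1'='1"  # classic tautology injection


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a device-management store."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, mgmt_ip TEXT)")
    con.executemany(
        "INSERT INTO devices (name, mgmt_ip) VALUES (?, ?)",
        [("rtr-sub1", "10.0.1.1"), ("sw-sub1", "10.0.1.2"), ("rtr-sub2", "10.0.2.1")],
    )
    return con


def vulnerable_sql(name: str) -> str:
    # Deliberately vulnerable: the client-supplied value is spliced into the
    # statement text, so a quote in the input ends the literal early.
    return f"SELECT name FROM devices WHERE name = '{name}'"


def lookup_vulnerable(con: sqlite3.Connection, name: str) -> list:
    return [row[0] for row in con.execute(vulnerable_sql(name))]


def lookup_safe(con: sqlite3.Connection, name: str) -> list:
    # Parameterized: the value travels separately from the statement, so the
    # database treats quotes and keywords inside it as data, never as SQL.
    return [row[0] for row in con.execute("SELECT name FROM devices WHERE name = ?", (name,))]


def resolve_upload_path(base_dir: str, requested: str) -> Path:
    """Confine a client-supplied relative path to base_dir.
    Raises ValueError for absolute paths and for anything that resolves
    outside base_dir after '..' components are collapsed."""
    base = Path(base_dir).resolve()
    if Path(requested).is_absolute():
        raise ValueError(f"absolute path rejected: {requested}")
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise ValueError(f"path escapes {base}: {requested}")
    return target


def is_confined(base_dir: str, requested: str) -> bool:
    """True if resolve_upload_path would accept the request."""
    try:
        resolve_upload_path(base_dir, requested)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", vulnerable_sql(PAYLOAD), "->", lookup_vulnerable(db, PAYLOAD))
    print("parameterized ->", lookup_safe(db, PAYLOAD))
    for req in ("firmware/rtr.bin", "../../etc/passwd", "/etc/passwd"):
        verdict = "accepted" if is_confined("/tmp/uploads", req) else "rejected"
        print(f"{req!r}: {verdict}")
```

With the payload, the vulnerable query becomes `... WHERE name = '' OR '1'='1'` and returns every row; the parameterized lookup returns nothing because the whole string is compared as a name. The path check rejects both `..` traversal and absolute targets, which is the property an unauthenticated file-write endpoint has to enforce before touching the disk.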
Tags: remotely exploitable · no authentication required · low complexity · high CVSS (9.8)
Exploitability
Moderate exploit probability (EPSS 5.2%)
Affected products (1)
Product               Affected Versions   Fix Status
RUGGEDCOM CROSSBOW    < V5.4              Fixed in V5.4
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the RUGGEDCOM CROSSBOW server to authorized administration networks only, using firewall rules at the network boundary and on the server host itself.
Schedule — requires maintenance window

Patching may require a restart of the CROSSBOW server; plan for an interruption to device-management access during the window.

HOTFIX: Update RUGGEDCOM CROSSBOW to V5.4 or later.
Long-term hardening
HARDENING: Segment the network so that the CROSSBOW server is reachable only from dedicated administration networks, isolated from business networks and never exposed to the Internet.
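The affected-versions table and the HOTFIX step reduce to one question per server: is the installed version strictly older than V5.4? The script below is an added Python triage helper (not OTPulse or Siemens code) that answers it over a constructed inventory; the hostnames, inventory format and function names are assumptions for the demonstration. It parses versions into integer tuples because a plain string comparison gets ordering wrong ("5.10" sorts before "5.4" as text), which is exactly the kind of mistake that leaves a server marked as patched when it is not.

```python
"""Triage a constructed RUGGEDCOM CROSSBOW inventory against the fixed
version from the affected-products table. Added example; the inventory
lines, hostnames and helper names are made up for the demonstration."""
import re
from typing import List, Tuple

FIXED_VERSION = "V5.4"  # from the advisory's affected-products table

# Constructed sample inventory: one "hostname,version" record per line.
INVENTORY = """\
cb-srv-east,V5.3.1
cb-srv-west,5.4
cb-srv-lab,V5.10.0
cb-srv-old,V4.2
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'V5.3.1' or '5.4' into an integer tuple so that 5.10 sorts
    after 5.4 (as a string, '5.10' < '5.4')."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """Affected means strictly older than the fixed version ('< V5.4')."""
    v, f = parse_version(version), parse_version(fixed)
    # Pad to equal length so (5, 4) and (5, 4, 0) compare as equal.
    n = max(len(v), len(f))
    return v + (0,) * (n - len(v)) < f + (0,) * (n - len(f))


def triage(inventory: str = INVENTORY) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) for every record; status is
    'PATCH' for affected servers and 'ok' otherwise."""
    rows = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, version = (field.strip() for field in line.split(",", 1))
        status = "PATCH" if is_affected(version) else "ok"
        rows.append((host, version, status))
    return rows


if __name__ == "__main__":
    for host, version, status in triage():
        print(f"{host:14} {version:8} {status}")
```

Feed it your real export in the same two-column form and anything marked PATCH goes into the maintenance window; the WORKAROUND and HARDENING items above still apply to every server, patched or not.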