OTPulse

Siemens RUGGEDCOM CROSSBOW

Priority: Act Now | CVSS 9.8 | ICS-CERT ICSA-24-137-10 | May 14, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

RUGGEDCOM CROSSBOW server application before V5.5 contains multiple vulnerabilities enabling SQL injection attacks and arbitrary file uploads. Attackers can execute arbitrary database queries to extract or modify configuration data, or upload files to achieve code execution on the server. These vulnerabilities could disrupt availability of the network management system and potentially affect control of connected industrial devices.

What this means
What could happen
An attacker could execute arbitrary SQL queries against the RUGGEDCOM CROSSBOW database or upload malicious files to the server, potentially disrupting network management and control functions across your connected industrial assets.
Who's at risk
Water and electric utilities using RUGGEDCOM CROSSBOW network management appliances for SCADA and industrial network oversight should prioritize this update. The vulnerability affects any organization relying on CROSSBOW for remote device management, network monitoring, or data aggregation from field assets.
How it could be exploited
An attacker with network access to the RUGGEDCOM CROSSBOW web interface can inject SQL into the application's input fields to bypass authentication or read and modify database contents, including configuration data, or upload files to gain code execution on the server. No authentication is required to trigger these vulnerabilities.
Prerequisites
  • Network access to the RUGGEDCOM CROSSBOW web application port (typically HTTP/HTTPS)
  • No valid credentials required
  • No firewall, VPN or other network control in the path between the attacker's position and the CROSSBOW server
Key factors: remotely exploitable; no authentication required; low complexity; high CVSS score (9.8); affects network management systems controlling industrial operations
Exploitability
Moderate exploit probability (EPSS 2.6%)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM CROSSBOW | < V5.5 | Fixed in V5.5
Remediation & Mitigation
Do now
HOTFIX: Update RUGGEDCOM CROSSBOW to V5.5 or later immediately
WORKAROUND: Restrict network access to RUGGEDCOM CROSSBOW to authorized engineering workstations only using firewall rules; block all internet-facing access
Long-term hardening
HARDENING: Place RUGGEDCOM CROSSBOW behind a firewall and isolate its network from business network segments and the internet
HARDENING: Require a VPN for all remote access to RUGGEDCOM CROSSBOW management functions
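The workaround and the first hardening item both come down to the same control: only a short allowlist of engineering workstations may reach the CROSSBOW web ports, and nothing else on the business network or the internet may. The script below is an added example, not code from the OTPulse page or from Siemens; it generates an nftables ruleset for a Linux firewall that sits between the business and OT segments and forwards traffic to the CROSSBOW server. The server address, the web ports and the workstation addresses are assumptions; override them through the environment variables before applying. If remote access is moved behind a VPN, the VPN concentrator's inside address becomes the only entry in the allowlist.

```shell
#!/bin/sh
# Added example (not from the OTPulse advisory or Siemens): generate an nftables
# allowlist so that only named engineering workstations can reach the
# RUGGEDCOM CROSSBOW web interface. All addresses and ports are assumptions.

CROSSBOW_IP="${CROSSBOW_IP:-10.10.20.5}"                           # assumed CROSSBOW server address
CROSSBOW_PORTS="${CROSSBOW_PORTS:-80, 443}"                        # assumed HTTP/HTTPS ports of the web UI
ENGINEERING_HOSTS="${ENGINEERING_HOSTS:-10.10.50.11, 10.10.50.12}" # assumed authorized workstations

# gen_crossbow_ruleset prints an nftables ruleset for a firewall that forwards
# traffic into the OT segment. New sessions to the CROSSBOW web ports are
# accepted only from the allowlist; every other source hitting those ports is
# logged and dropped, so attempts from the business LAN or the internet show up
# in the firewall log with the "crossbow-denied:" prefix.
gen_crossbow_ruleset() {
    cat <<EOF
table inet crossbow_acl {
    set eng_ws {
        type ipv4_addr
        elements = { ${ENGINEERING_HOSTS} }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        # Return traffic for sessions that were already allowed
        ct state established,related accept
        # Authorized engineering workstations may open sessions to the web UI
        ip saddr @eng_ws ip daddr ${CROSSBOW_IP} tcp dport { ${CROSSBOW_PORTS} } ct state new accept
        # Anything else destined for the CROSSBOW web ports is logged and dropped
        ip daddr ${CROSSBOW_IP} tcp dport { ${CROSSBOW_PORTS} } log prefix "crossbow-denied: " drop
    }
}
EOF
}

# apply_crossbow_ruleset loads the generated ruleset atomically. Needs root and
# the nft binary; review the output of gen_crossbow_ruleset before using it.
apply_crossbow_ruleset() {
    gen_crossbow_ruleset | nft -f -
}

# Print the ruleset for review when the script is run directly.
gen_crossbow_ruleset
```

The drop rule only covers the CROSSBOW web ports, so other OT traffic through the same firewall is untouched; if the CROSSBOW server should be fully isolated, the chain policy can be changed to `drop` and explicit accepts added for the remaining required flows. Setting `ENGINEERING_HOSTS` to the VPN concentrator's inside address implements the VPN-only remote access item with the same ruleset.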