Siemens RUGGEDCOM CROSSBOW

Monitor | CVSS 5.5 | ICS-CERT ICSA-24-319-01 | Nov 12, 2024
Siemens
Attack path
Attack Vector: Adjacent
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

RUGGEDCOM CROSSBOW Station Access Controller (SAC) versions before V5.6 contain multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or create a denial of service condition. These vulnerabilities are not remotely exploitable.

What this means
What could happen
An attacker with local or adjacent network access could run arbitrary code on the SAC, potentially altering access control policies or halting the controller, disrupting communication and station operations managed through this device.
Who's at risk
Water and electric utilities operating Siemens RUGGEDCOM CROSSBOW Station Access Controllers (SAC) for access control and station management should prioritize this update. The vulnerability affects versions earlier than V5.6 and requires adjacent network access, so it primarily impacts utilities with less strictly segmented OT networks.
How it could be exploited
An attacker needs adjacent network access (AV:A per CVSS) and low-privilege credentials to trigger SQL injection or memory corruption flaws in the SQLite database component, leading to code execution or denial of service on the SAC.
Prerequisites
  • Adjacent network access to the RUGGEDCOM CROSSBOW SAC
  • Valid local or non-administrative user credentials on the SAC or the network segment
  • No special privileges required for exploitation
requires local/adjacent network access | low complexity attack | low privilege credentials needed | affects access control system | no public exploit known yet
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM CROSSBOW Station Access Controller (SAC) | <V5.6 | 5.6
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the RUGGEDCOM CROSSBOW SAC from untrusted network segments using firewalls or access control lists
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update RUGGEDCOM CROSSBOW Station Access Controller (SAC) to version 5.6 or later
Long-term hardening
HARDENING: Isolate the SAC and its network segment from the business IT network to limit adjacent access