Siemens RUGGEDCOM CROSSBOW
Monitor | 5.5 | ICS-CERT ICSA-24-319-01 | Nov 12, 2024
Attack Vector: Adjacent
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains multiple vulnerabilities in the integrated SQLite component (CWE-122 buffer overflow, CWE-416 use-after-free) that allow an attacker with local network access to execute arbitrary code or cause a denial of service condition. The vulnerabilities are not remotely exploitable. Siemens has released a patched version (V5.6 or later).
What this means
What could happen
An attacker with local network access could exploit SQLite vulnerabilities in the SAC to execute arbitrary code on the device or cause it to stop responding, potentially disrupting access control functions for station automation and communications infrastructure.
Who's at risk
Operators of Siemens RUGGEDCOM CROSSBOW Station Access Controller devices used in utility automation, SCADA communications, and station access control systems should prioritize this update. The SAC acts as a critical access control and communications device in substations and control stations.
How it could be exploited
An attacker on the same local network as the SAC would craft a malicious SQLite query or input that triggers a buffer overflow or use-after-free condition in the embedded SQLite library. This allows execution of arbitrary code with the privileges of the SAC process.
Prerequisites
- Local network access to the SAC (not remotely exploitable)
- The SAC must be running a version prior to V5.6
- Attacker needs to interact with functions that process SQLite queries or database operations
buffer overflow and use-after-free memory corruption | code execution possible | requires local network access (reduces but does not eliminate risk) | affects critical utility infrastructure access control
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM CROSSBOW Station Access Controller (SAC) | <V5.6 | 5.6
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the SAC from untrusted subnets using firewall rules and access control lists
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update RUGGEDCOM CROSSBOW Station Access Controller (SAC) to firmware version V5.6 or later
Long-term hardening
HARDENING: Segment the SAC network from business networks and ensure it is not directly exposed to the internet
HARDENING: Implement secure remote access methods such as VPN with encryption if remote management of the SAC is required
CVEs (2)