Siemens RUGGEDCOM CROSSBOW Station Access Controller
Priority: Plan Patch · CVSS 8.3 · ICS-CERT ICSA-25-226-08 · Aug 12, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
RUGGEDCOM CROSSBOW Station Access Controller (SAC) versions prior to 5.7 contain buffer overflow and integer overflow vulnerabilities in the integrated SQLite component. These vulnerabilities allow remote attackers to execute arbitrary code or cause denial of service without authentication. Siemens has released version 5.7 as a fix.
What this means
What could happen
An attacker with network access to a RUGGEDCOM CROSSBOW Station Access Controller could execute arbitrary code on the device or cause it to stop responding, disrupting access control and potentially affecting plant operations that depend on the SAC for secure station access.
Who's at risk
Water authorities and electric utilities using Siemens RUGGEDCOM CROSSBOW Station Access Controllers for network access control and authentication. The SAC is typically deployed at the boundary between administrative networks and critical operational control networks, making this device critical for plant security and operational continuity.
How it could be exploited
An attacker on the network sends a crafted request to the RUGGEDCOM CROSSBOW SAC's integrated SQLite component. The vulnerability in how the component handles input allows the attacker to trigger a buffer overflow or integer overflow condition, resulting in arbitrary code execution or denial of service. No authentication is required.
Prerequisites
- Network access to the RUGGEDCOM CROSSBOW SAC device
- Device running version earlier than 5.7
Tags: remotely exploitable · no authentication required · low complexity · affects station access control
Exploitability
Unlikely to be exploited — EPSS score 0.7%
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM CROSSBOW Station Access Controller (SAC) | < 5.7 | 5.7
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the RUGGEDCOM CROSSBOW SAC device using firewall rules; allow only authorized engineering workstations and administrative hosts.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
HOTFIX: Update RUGGEDCOM CROSSBOW Station Access Controller to version 5.7 or later.
Long-term hardening
HARDENING: Place the RUGGEDCOM CROSSBOW SAC behind a firewall and on a dedicated industrial control network segment isolated from business networks.
HARDENING: Implement network monitoring and intrusion detection on segments containing the RUGGEDCOM CROSSBOW SAC to identify suspicious access attempts.
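The following is an added example, not code from Siemens, ICS-CERT or this advisory page. It turns the affected-versions table and the "restrict network access" workaround into something an OT team can run against their own asset list: it parses a device inventory, flags every SAC whose firmware is strictly below the 5.7 fix (comparing versions numerically so that a hypothetical 5.10 is not misread as older than 5.7), and emits a host-based nftables allowlist for a gateway firewall in front of the SAC segment. The inventory rows, IP addresses, authorized-host list and the `sac_guard` table and set names are constructed for the example; the advisory does not name the SAC's service ports, so the rule restricts by source and destination host rather than by port.

```python
"""Inventory triage for ICSA-25-226-08 (RUGGEDCOM CROSSBOW SAC < 5.7).

Added example; not Siemens, ICS-CERT or advisory-site code. All device
names, versions and IP addresses below are constructed sample data.
"""
import re

# From the advisory: versions prior to 5.7 are affected, 5.7 is the fix.
FIXED_VERSION = (5, 7)

# Constructed inventory: device name, firmware version string, device IP.
SAMPLE_INVENTORY = """\
# name,version,ip
sac-plant-a,5.6.2,10.10.5.10
sac-plant-b,5.10,10.10.5.11
sac-plant-c,5.7,10.10.5.12
sac-substation-9,5.5,10.20.7.3
"""


def parse_version(text):
    """Turn '5.6.2' into (5, 6, 2).

    Tuples of ints compare correctly; comparing raw strings would rank
    '5.10' below '5.7' and wrongly mark a newer build as vulnerable.
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version_text, fixed=FIXED_VERSION):
    """True when the installed version is strictly below the fix version."""
    return parse_version(version_text) < fixed


def parse_inventory(inventory_csv):
    """Return a list of (name, version, ip) tuples, skipping blanks/comments."""
    rows = []
    for line in inventory_csv.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, version, ip = [field.strip() for field in line.split(",")]
        rows.append((name, version, ip))
    return rows


def triage(inventory_csv):
    """Return the (name, version, ip) rows that still need the 5.7 update."""
    return [row for row in parse_inventory(inventory_csv) if is_affected(row[1])]


def allowlist_ruleset(device_ips, authorized_hosts):
    """Build an nftables ruleset (as text) that lets only the authorized
    engineering/admin hosts reach the listed SAC devices and logs and drops
    everything else. Intended for a gateway firewall in front of the SAC
    segment; the table and set names are assumptions for this example."""
    lines = [
        "table inet sac_guard {",
        "  set authorized_hosts {",
        "    type ipv4_addr",
        "    elements = { " + ", ".join(authorized_hosts) + " }",
        "  }",
        "  set sac_devices {",
        "    type ipv4_addr",
        "    elements = { " + ", ".join(device_ips) + " }",
        "  }",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        "    ip daddr @sac_devices ip saddr @authorized_hosts accept",
        '    ip daddr @sac_devices log prefix "sac-deny " drop',
        "  }",
        "}",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    for name, version, ip in triage(SAMPLE_INVENTORY):
        print(f"{name} ({ip}): version {version} < 5.7, update to 5.7 or later")
    # The hardening item applies to every SAC, patched or not, so the
    # allowlist covers the whole inventory, not only the affected rows.
    all_ips = [ip for _, _, ip in parse_inventory(SAMPLE_INVENTORY)]
    print(allowlist_ruleset(all_ips, ["10.10.1.20", "10.10.1.21"]))
```

The generated ruleset is meant to be reviewed and loaded with `nft -f` on the gateway, not on the SAC itself; the drop rule logs with a `sac-deny` prefix so that the monitoring recommended under long-term hardening has a concrete event to alert on.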
API: /api/v1/advisories/fd14c141-11a8-4aef-a6fc-02633b6277f5