OTPulse

Siemens RUGGEDCOM CROSSBOW Station Access Controller

Plan Patch · 8.3 · ICS-CERT ICSA-25-226-08 · Aug 12, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

RUGGEDCOM CROSSBOW Station Access Controller (SAC) versions prior to 5.7 contain multiple vulnerabilities in the integrated SQLite database component. These vulnerabilities could allow an attacker to execute arbitrary code or create a denial of service condition on the device.

What this means
What could happen
An attacker with network access to the RUGGEDCOM CROSSBOW SAC could execute arbitrary code on the device, potentially allowing them to modify access control configurations, disable authentication, or disrupt facility security operations.
Who's at risk
Water authorities and electric utilities operating Siemens RUGGEDCOM CROSSBOW Station Access Controllers for physical security and facility access control. This includes any facility using SAC for perimeter access, badge readers, gate control, or security policy enforcement.
How it could be exploited
An attacker sends a specially crafted network request to the SAC's SQLite database component. The request exploits buffer overflow or integer overflow vulnerabilities to execute arbitrary code on the device, giving the attacker the ability to modify access control policies or interfere with facility operations.
Prerequisites
  • Network access to the RUGGEDCOM CROSSBOW SAC (port and protocol not specified in advisory)
  • No authentication required
remotely exploitable · no authentication required · low complexity · affects security systems
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM CROSSBOW Station Access Controller (SAC) | < 5.7 | 5.7
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the SAC using firewalls; do not expose the device directly to the internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update RUGGEDCOM CROSSBOW Station Access Controller (SAC) to version 5.7 or later
Long-term hardening
HARDENING: Place the SAC behind a firewall and isolate it from business networks
HARDENING: If remote access is required, use a VPN connection to the management network rather than exposing the SAC directly
API: /api/v1/advisories/fd14c141-11a8-4aef-a6fc-02633b6277f5