Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.4
Priority: Act Now
CVSS base score: 9.8
Advisory: SSA-472630
Published: Aug 8, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The RUGGEDCOM CROSSBOW server application before V5.4 contains multiple vulnerabilities, including SQL injection (CWE-89), improper privilege management (CWE-269), out-of-bounds read (CWE-125), and missing authentication for critical functions (CWE-306). Together they allow an unauthenticated network attacker to execute arbitrary database queries, create a denial-of-service condition, or write arbitrary files to the application's file system.
What this means
What could happen
An attacker could execute arbitrary SQL queries to read or modify network configuration data held by the CROSSBOW database, cause the CROSSBOW server to stop responding (disrupting network management and monitoring of the devices it fronts), or write files into the application's file system and so compromise the integrity of the server itself.
Who's at risk
Network and industrial facility operators using RUGGEDCOM CROSSBOW for network management and monitoring. This affects facilities relying on CROSSBOW for routing and switching management, including water utilities, power distribution, and manufacturing plants.
How it could be exploited
An attacker with network access to the RUGGEDCOM CROSSBOW server can reach the vulnerable functions without authenticating. From there the attacker can place crafted values in requests that the server concatenates into database queries (SQL injection), send input that triggers the out-of-bounds read and makes the service stop responding, or use the missing authentication and access-control checks to write arbitrary files to the server's file system. No user interaction on the operator side is needed.
Prerequisites
- Network access to RUGGEDCOM CROSSBOW server application port
- No authentication required (per CVSS vector PR:N)
- Application running vulnerable version before V5.4
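The SQL injection class above (CWE-89) is the one most directly under the attacker's control. The following is an added illustration, not CROSSBOW's code or schema: a hypothetical device-inventory lookup written the vulnerable way (the caller's value spliced into the statement text) next to the same lookup with a bound parameter, run against a constructed in-memory SQLite table. The `devices` and `accounts` tables, their rows and the "owner" filter are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for a network-management inventory.
# Table and column names are hypothetical, not the product's schema.
_SCHEMA = """
CREATE TABLE devices (name TEXT, ip TEXT, owner TEXT);
INSERT INTO devices VALUES ('rtr-01', '10.0.0.1', 'ops');
INSERT INTO devices VALUES ('sw-07',  '10.0.1.7', 'ops');
INSERT INTO devices VALUES ('hmi-02', '10.0.2.2', 'plant');
CREATE TABLE accounts (user TEXT, pwhash TEXT);
INSERT INTO accounts VALUES ('admin',    'constructed-hash-1');
INSERT INTO accounts VALUES ('operator', 'constructed-hash-2');
"""


def _fresh_db():
    """Build a throwaway database so every call starts from the same state."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(_SCHEMA)
    return conn


def lookup_vulnerable(conn, owner):
    """CWE-89: the request value becomes part of the SQL text.

    A value such as  plant' OR '1'='1  rewrites the WHERE clause, and
    ' UNION SELECT user, pwhash FROM accounts --  pulls rows from a table
    the caller was never meant to read.
    """
    sql = "SELECT name, ip FROM devices WHERE owner = '%s'" % owner
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, owner):
    """Same query with a bound parameter: the value is data, never SQL."""
    sql = "SELECT name, ip FROM devices WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def demo(owner):
    """Run both variants on a fresh database and return their result rows."""
    conn = _fresh_db()
    return {
        "vulnerable": lookup_vulnerable(conn, owner),
        "hardened": lookup_hardened(conn, owner),
    }


if __name__ == "__main__":
    for payload in ("plant", "plant' OR '1'='1",
                    "' UNION SELECT user, pwhash FROM accounts --"):
        r = demo(payload)
        print("%-48r vulnerable=%d rows  hardened=%d rows"
              % (payload, len(r["vulnerable"]), len(r["hardened"])))
```

With the tautology payload the vulnerable lookup returns every device; with the UNION payload it returns the password hashes from the unrelated `accounts` table, which is the "read critical data" outcome described above. The parameterised version returns nothing for either payload, because no owner is literally named that. Note that SQLite's `execute` refuses stacked statements, so a `'; DROP TABLE` style payload raises an error here rather than succeeding; other database drivers do allow them, which is why the fix is parameterisation rather than blocking particular characters.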
- Remotely exploitable
- No authentication required
- Low complexity attack
- Critical CVSS score (9.8)
- High EPSS score (5.2%)
- Affects network infrastructure control
Exploitability
Moderate exploit probability (EPSS 5.2%). EPSS estimates the probability that a vulnerability is exploited in the wild within the next 30 days; 5.2% is far above the value assigned to a typical CVE, so the unauthenticated network-reachable attack surface should be treated as a priority despite the "moderate" label.
Affected products (1)
Product: RUGGEDCOM CROSSBOW
Affected versions: < V5.4
Fix status: V5.4
Remediation & Mitigation
- Schedule: requires a maintenance window. Patching may require a device reboot; plan for process interruption.
- Hotfix: update RUGGEDCOM CROSSBOW to version V5.4 or later.
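Deciding which servers still need the update is a version comparison, and naive string comparison gets it wrong (as "V4.10" sorts before "V4.9"). The following is an added helper, not part of the advisory or the product, that parses version strings with an optional "V" prefix into integer tuples and flags anything below V5.4. The inventory rows are constructed sample data and the hostnames are hypothetical.

```python
import re

# From the advisory: everything below V5.4 is affected, V5.4 and later is fixed.
FIXED_VERSION = (5, 4)


def parse_version(text):
    """Turn 'V5.3', '5.4' or 'V5.4.1' into an int tuple; reject anything else.

    Accepting an optional leading 'V' is an assumption about how operators
    record the version, not a format the product documents.
    """
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(text):
    """True when the reported version is below the fixed release."""
    v = parse_version(text)
    # Pad both tuples to the same length so (5, 4) and (5, 4, 0) compare equal.
    n = max(len(v), len(FIXED_VERSION))
    v = v + (0,) * (n - len(v))
    fixed = FIXED_VERSION + (0,) * (n - len(FIXED_VERSION))
    return v < fixed


def triage(inventory):
    """inventory: list of (hostname, version) -> hostnames that need the update."""
    return [host for host, version in inventory if is_affected(version)]


# Constructed sample inventory; hostnames are hypothetical.
SAMPLE_INVENTORY = [
    ("crossbow-prod", "V5.3"),
    ("crossbow-lab", "5.4"),
    ("crossbow-dr", "V5.4.1"),
    ("crossbow-old", "V4.10"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print("update required:", host)
```

Feed it whatever your asset inventory exports; any row whose version string does not parse raises rather than being silently skipped, which is the behaviour you want when the gap is an unknown server rather than a known-patched one.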
API: /api/v1/advisories/bddb4f8f-23ce-4a33-818f-b2e61b6d7c37