
Warning: Critical Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW, Patch Immediately!

Reference: 
Advisory #2023-94
Version: 
1.0
Affected software: 
SIEMENS RUGGEDCOM CROSSBOW versions < V5.4
Type: 
SQL Injection Vulnerability, Denial of Service (DoS), Arbitrary file writes
CVE/CVSS: 

CVE-2021-31239 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
CVE-2022-37971 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
CVE-2023-27411 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
CVE-2023-37372 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
CVE-2023-37373 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)

Sources

https://cert-portal.siemens.com/productcert/html/ssa-472630.html

Risks

Siemens fixed several vulnerabilities in RUGGEDCOM CROSSBOW. These vulnerabilities could allow an attacker to perform SQL injection attacks, create a Denial of Service (DoS) condition or write arbitrary files to the system. These vulnerabilities impact ALL vertices of the CIA triad.

Description

Multiple vulnerabilities have been fixed in V5.4 of RUGGEDCOM CROSSBOW. The most severe vulnerability (CVE-2023-37372) has a CVSS score of 9.8. An attacker could use these vulnerabilities to remotely compromise the system and gain elevated privileges.

CVE-2021-31239 CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

SQLite3 v.3.35.4 could allow a remote attacker to cause a denial of service.

CVE-2022-37971 CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)

Microsoft Windows Defender Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability could result in specific limited SYSTEM privileges.

CVE-2023-27411 CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Authenticated remote execution of arbitrary SQL queries on the server database and escalation of privileges.

CVE-2023-37372 CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Unauthenticated remote execution of arbitrary SQL queries on the server database.

CVE-2023-37373 CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)

Unauthenticated remote arbitrary file writes to the application's file system.

Recommended actions

The Centre for Cyber Security Belgium recommends that system administrators patch vulnerable systems to V5.4 or a later version as soon as possible and analyse system and network logs for any suspicious activity. If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.