PatchSiren cyber security CVE debrief
CVE-2024-27940 Siemens CVE debrief
CVE-2024-27940 is a high-severity SQL injection vulnerability in Siemens RUGGEDCOM CROSSBOW, published on May 14, 2024. The vulnerability allows any authenticated user to send arbitrary SQL commands to the SQL server, potentially enabling full database compromise. The CVSS 3.1 score of 8.8 reflects high impact across confidentiality, integrity, and availability with network accessibility and low attack complexity. Siemens has released a vendor fix in version 5.5 or later. CISA published advisory ICSA-24-137-10 on the same date as the CVE publication. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM CROSSBOW
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2024-05-14
- Advisory published: 2024-05-14
- Advisory updated: 2024-05-14
Who should care
Organizations operating Siemens RUGGEDCOM CROSSBOW in industrial control system environments, critical infrastructure operators, database administrators managing OT security, and security teams responsible for patch management in operational technology networks.
Technical summary
The vulnerability exists in the SQL query handling of Siemens RUGGEDCOM CROSSBOW, where insufficient input validation allows authenticated users to inject arbitrary SQL commands. This enables attackers with valid credentials to read, modify, or delete database contents, potentially compromising the entire database. The attack vector is network-based with low complexity, requiring only low-privileged authentication without user interaction. The vulnerability affects confidentiality, integrity, and availability at a high level.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor fix by updating Siemens RUGGEDCOM CROSSBOW to version 5.5 or later
- Restrict network access to affected systems to authorized personnel only
- Monitor database access logs for anomalous SQL query patterns from authenticated users
- Implement principle of least privilege for database accounts used by the application
- Review and validate input sanitization on all database-connected application interfaces
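The defect class in the technical summary (a statement assembled from an authenticated user's input) beside the fix that the last action above calls for, as an added illustration that is not CROSSBOW's code: the table, column names and queries are assumptions, and the crafted value is constructed to show how the two builders differ.

```python
import sqlite3

# Constructed in-memory stand-in for an application database (assumed schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE assets (name TEXT, owner TEXT)")
    conn.executemany("INSERT INTO assets VALUES (?, ?)", [
        ("relay-01", "alice"),
        ("relay-02", "bob"),
    ])
    return conn

def lookup_vulnerable(conn, owner):
    # The caller-supplied value becomes part of the statement text, so any
    # quote it contains changes the query's structure (the defect class above).
    sql = "SELECT name FROM assets WHERE owner = '" + owner + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, owner):
    # The statement text is fixed; the value is bound as data and compared
    # literally, quotes and all, so it cannot alter the query's logic.
    sql = "SELECT name FROM assets WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]

# Constructed input from a low-privileged authenticated user: a single quote
# followed by a tautology, the textbook shape of a boolean injection.
CRAFTED = "alice' OR 'x'='x"

def demo():
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, CRAFTED),       # every row leaks
        "parameterized": lookup_parameterized(conn, CRAFTED), # no owner matches literally
        "honest": lookup_parameterized(conn, "alice"),        # normal use still works
    }

if __name__ == "__main__":
    print(demo())
```

The same contrast applies to UPDATE and DELETE statements, which is why the advisory rates integrity and availability alongside confidentiality.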
Evidence notes
Vulnerability description and remediation guidance sourced from CISA CSAF advisory ICSA-24-137-10. Vendor fix confirmed by Siemens ProductCERT advisory SSA-916916. CVSS vector and scoring details provided in source metadata.
Official resources
- CVE-2024-27940 CVE record (CVE.org)
- CVE-2024-27940 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-05-14