PatchSiren cyber security CVE debrief
CVE-2024-27941 Siemens CVE debrief
A SQL injection vulnerability in the client systems of Siemens RUGGEDCOM CROSSBOW (versions before 5.5) allows an authenticated, low-privileged attacker with network access to execute arbitrary SQL against the backend database and compromise it entirely, because the client does not sanitize input before passing it to the SQL server. The vulnerability, published 2024-05-14, carries a CVSS 3.1 base score of 8.8 (HIGH): network attack vector, low attack complexity, low privileges required, no user interaction. Siemens has released version 5.5 as the remediation. CISA published advisory ICSA-24-137-10, coordinated with Siemens security advisory SSA-916916. No use in ransomware campaigns has been documented.
- Vendor: Siemens
- Product: RUGGEDCOM CROSSBOW
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2024-05-14
- Advisory published: 2024-05-14
- Advisory updated: 2024-05-14
Who should care
Organizations operating Siemens RUGGEDCOM CROSSBOW in industrial control system environments, critical infrastructure operators, database administrators managing backend systems for OT networks, and security teams responsible for ICS/SCADA security posture.
Technical summary
The vulnerability sits in the CROSSBOW client systems, which fail to sanitize input data before transmitting it to the SQL server. Because the client assembles the statement, the server receives already-formed SQL and cannot tell attacker-controlled data from query structure; any account that can use the client therefore becomes a path to arbitrary SQL execution. An attacker with low privileges and network access can exploit this to read, modify, or destroy data across the entire database. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) encodes exactly that: network exploitable, low complexity, a low-privileged account required, no user interaction, scope unchanged (the impact stays within the database), and high impact to confidentiality, integrity, and availability. Server-side hardening (least-privilege database accounts, segmentation of the SQL server) limits the blast radius but does not remove the flaw; remediation requires updating to version 5.5 or later.
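The client-side flaw described above, as an added example that is not Siemens code and does not reproduce CROSSBOW's actual queries, schema, or database engine: a hypothetical client that splices caller input into SQL text, beside the parameterized version a fixed client would use, both run against an in-memory SQLite database constructed for the demo. The table, rows, and payloads are invented for illustration.

```python
"""Added example (not Siemens or CROSSBOW code): string-built SQL versus
bound parameters, run against a constructed in-memory SQLite database."""
import sqlite3

# Constructed sample schema and rows, standing in for an application database.
# The 'secret' column represents data the calling user should never see.
SCHEMA = """
CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, owner TEXT, secret TEXT);
INSERT INTO devices (name, owner, secret) VALUES
  ('rtu-01', 'alice', 'alice-only-data'),
  ('rtu-02', 'bob',   'bob-only-data'),
  ('rtu-03', 'alice', 'alice-only-data-2');
"""


def make_db():
    """Build the demo database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn, owner):
    """Hypothetical client that splices caller-supplied text into the SQL
    statement. The server executes whatever string it receives; it cannot
    separate the intended literal from injected query structure."""
    sql = "SELECT name FROM devices WHERE owner = '" + owner + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, owner):
    """Hardened client: the statement text is fixed and the value is bound
    as a parameter, so it is only ever compared as a string."""
    sql = "SELECT name FROM devices WHERE owner = ?"
    return sorted(row[0] for row in conn.execute(sql, (owner,)))


# Constructed payloads: a tautology that widens the WHERE clause, and a
# UNION that pulls a column the caller was never meant to read.
TAUTOLOGY = "' OR '1'='1"
UNION_EXFIL = "x' UNION SELECT secret FROM devices WHERE '1'='1"


def run_demo():
    """Return the results of both clients for a normal value and both payloads."""
    conn = make_db()
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_parameterized": lookup_parameterized(conn, "alice"),
        "tautology_vulnerable": lookup_vulnerable(conn, TAUTOLOGY),
        "tautology_parameterized": lookup_parameterized(conn, TAUTOLOGY),
        "union_vulnerable": lookup_vulnerable(conn, UNION_EXFIL),
        "union_parameterized": lookup_parameterized(conn, UNION_EXFIL),
    }


if __name__ == "__main__":
    for label, rows in run_demo().items():
        print(f"{label:24s} -> {rows}")
```

The parameterized client returns an empty result for both payloads because the whole string is compared against the owner column; the string-built client returns every device for the tautology and the contents of the secret column for the UNION payload. The same distinction holds for any SQL engine, which is why the fix has to be on the client that builds the statement.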
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor fix: update Siemens RUGGEDCOM CROSSBOW to version 5.5 or later. Until then, limit which accounts can log in to the client and which hosts can reach the client and its SQL server, since the vector needs only network access and a low-privileged account.
- Review SQL server audit logs for queries arriving from CROSSBOW client hosts that carry injection indicators: tautologies such as OR '1'='1, UNION SELECT, stacked statements after a semicolon, and comment terminators used to truncate a query.
- Where in-house tooling or integrations talk to the same backend database, use parameterized queries rather than string-built SQL; the vendor fix covers the CROSSBOW client only.
- Run the database account used by RUGGEDCOM CROSSBOW clients with the minimum rights the product needs, so an injected statement cannot reach other databases or server-level functions.
- Monitor CISA ICS advisories for additional guidance on industrial control system security.
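A weighted indicator scan of the kind the log-review action above calls for, as an added example that is not Siemens code and assumes nothing about CROSSBOW's real log format: the audit-log line layout, the hosts, users, and queries are all constructed for the demo. A lone SQL comment is scored low because legitimate queries carry comments too, so only lines that accumulate enough weight are flagged.

```python
"""Added example (not Siemens code; invented log format): score SQL audit-log
lines from client hosts for injection indicators and flag the strong ones."""
import re

# Constructed sample log: five queries from two client hosts.
SAMPLE_LOG = """\
2024-05-14T08:00:01Z client=10.0.5.21 user=operator1 sql="SELECT name FROM devices WHERE owner = 'alice'"
2024-05-14T08:00:07Z client=10.0.5.21 user=operator1 sql="SELECT name FROM devices WHERE owner = '' OR '1'='1'"
2024-05-14T08:00:12Z client=10.0.5.21 user=operator1 sql="SELECT name FROM devices WHERE owner = 'x' UNION SELECT secret FROM devices WHERE '1'='1'"
2024-05-14T08:00:15Z client=10.0.5.21 user=operator1 sql="SELECT name FROM devices WHERE owner = 'x'; DROP TABLE devices; --'"
2024-05-14T08:05:00Z client=10.0.5.9 user=svc_report sql="SELECT COUNT(*) FROM devices -- nightly count"
"""

# (name, pattern, weight). Weights are a judgement call for the demo:
# a UNION or a stacked statement is rarely benign in an application query,
# a quoted tautology is strong, a bare comment marker is weak on its own.
INDICATORS = [
    ("union_select", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I), 3),
    ("stacked_statement", re.compile(r";\s*(select|insert|update|delete|drop|alter|exec)\b", re.I), 3),
    ("quoted_tautology", re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+'?", re.I), 2),
    ("comment_terminator", re.compile(r"--|/\*"), 1),
]
THRESHOLD = 2

# Parser for the constructed line layout above.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) client=(?P<client>\S+) user=(?P<user>\S+) sql="(?P<sql>.*)"$'
)


def score_query(sql):
    """Return (score, [indicator names]) for one SQL statement."""
    hits = [name for name, pat, _ in INDICATORS if pat.search(sql)]
    score = sum(w for name, _, w in INDICATORS if name in hits)
    return score, hits


def scan(log_text):
    """Return (client, user, indicators) for each line whose score meets THRESHOLD."""
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        score, hits = score_query(m["sql"])
        if score >= THRESHOLD:
            flagged.append((m["client"], m["user"], hits))
    return flagged


if __name__ == "__main__":
    for client, user, hits in scan(SAMPLE_LOG):
        print(f"{client} {user}: {', '.join(hits)}")
```

On the constructed log this flags the tautology, UNION, and stacked-statement lines from 10.0.5.21 and leaves the reporting account's commented query alone. Treat hits as a starting point for review, not proof: the patterns are heuristics, and a client host that suddenly emits queries it never issued before is itself worth a look even when no pattern matches.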
Evidence notes
CVE description and CVSS vector from CISA CSAF source ICSA-24-137-10. Vendor fix confirmed in CSAF remediations section with specific version guidance. No KEV listing present.
Official resources
- CVE-2024-27941 CVE record (CVE.org)
- CVE-2024-27941 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
2024-05-14