PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-27945 Siemens CVE debrief

A path traversal vulnerability in Siemens RUGGEDCOM CROSSBOW allows privileged users to upload files to the root installation directory via the bulk import feature, potentially enabling remote code execution.

Vendor
Siemens
Product
RUGGEDCOM CROSSBOW
CVSS
HIGH 7.2
CISA KEV
Not listed in stored evidence
Original CVE published
2024-05-14
Original CVE updated
2024-05-14
Advisory published
2024-05-14
Advisory updated
2024-05-14

Who should care

Organizations operating Siemens RUGGEDCOM CROSSBOW in industrial environments, critical infrastructure operators, OT security teams, and asset owners managing secure network management platforms

Technical summary

The bulk import functionality in Siemens RUGGEDCOM CROSSBOW contains a path traversal vulnerability that allows privileged users to write files to the root installation directory. An attacker with administrative privileges could exploit this to overwrite critical system files, leading to file tampering or remote code execution. The vulnerability requires high privileges (PR:H) but is network-accessible (AV:N) with low attack complexity (AC:L). Siemens has released version 5.5 to address this issue.
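To make the bug class concrete, the following added example (illustrative code, not RUGGEDCOM CROSSBOW's own) shows the unguarded join that lets an import name escape its directory, next to the confinement check a bulk-import handler needs; the installation layout and file names are constructed assumptions.

```python
from pathlib import Path
import os

# Constructed layout for illustration; these paths are assumptions, not
# RUGGEDCOM CROSSBOW's actual installation layout.
INSTALL_ROOT = Path("/opt/crossbow")
IMPORT_DIR = INSTALL_ROOT / "var" / "bulk_import"


def vulnerable_target(filename: str) -> Path:
    """Vulnerable pattern: the client-supplied name is joined onto the
    import directory and written as-is. '..' components (or an absolute
    name, which pathlib lets replace the base) land outside IMPORT_DIR."""
    return (IMPORT_DIR / filename).resolve(strict=False)


def escapes_import_dir(filename: str) -> bool:
    """True if the vulnerable join would place the file outside IMPORT_DIR."""
    base = IMPORT_DIR.resolve(strict=False)
    return base not in vulnerable_target(filename).parents


class UnsafeImportName(ValueError):
    """Raised for any import name that is not a plain file name."""


def safe_target(filename: str) -> Path:
    """Hardened pattern: require a bare file name, then re-check that the
    resolved path's parent is exactly IMPORT_DIR before any write happens."""
    if not filename or filename in (".", "..") or os.path.basename(filename) != filename:
        raise UnsafeImportName(f"rejected import name: {filename!r}")
    base = IMPORT_DIR.resolve(strict=False)
    target = (base / filename).resolve(strict=False)
    if target.parent != base:  # catches a symlinked name that resolves elsewhere
        raise UnsafeImportName(f"import name resolves outside {base}: {filename!r}")
    return target


def accepts(filename: str) -> bool:
    """Convenience wrapper so callers can check a name without exceptions."""
    try:
        safe_target(filename)
        return True
    except UnsafeImportName:
        return False


if __name__ == "__main__":
    # Constructed sample names: one legitimate, three that must be rejected.
    for name in ("devices.csv", "../../crossbow.ini", "sub/devices.csv", ".."):
        print(f"{name!r:22} vulnerable -> {vulnerable_target(name)}  accepted: {accepts(name)}")
```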

Defensive priority

HIGH

Recommended defensive actions

  • Update Siemens RUGGEDCOM CROSSBOW to V5.5 or later, per vendor guidance
  • Restrict administrative access to the bulk import feature to only essential personnel
  • Monitor for unauthorized file modifications in the root installation directory
  • Implement network segmentation to limit exposure of RUGGEDCOM CROSSBOW management interfaces
  • Review and validate file integrity of critical system files regularly

Evidence notes

CISA published advisory ICSA-24-137-10 on 2024-05-14, identifying this vulnerability in Siemens RUGGEDCOM CROSSBOW. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C) indicates a network-accessible attack vector that requires high privileges, with high impact on confidentiality, integrity, and availability. The temporal metrics rate exploitability as 'proof-of-concept' (E:P) with an official fix available (RL:O).

Official resources

2024-05-14