PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-27946 Siemens CVE debrief

A path traversal vulnerability in Siemens RUGGEDCOM CROSSBOW allows authenticated attackers with high privileges to overwrite arbitrary files in the installation directory. The vulnerability exists in the file download functionality, where user-specified filenames are not properly validated against directory traversal sequences. An attacker can exploit this to overwrite critical system files, potentially leading to denial of service or code execution. The CVSS v3.1 vector indicates network attack vector with low complexity, requiring high privileges but no user interaction. Siemens has released version 5.5 to address this issue. Organizations should prioritize patching given the integrity and availability impact on industrial control systems.

Vendor
Siemens
Product
RUGGEDCOM CROSSBOW
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-05-14
Original CVE updated
2024-05-14
Advisory published
2024-05-14
Advisory updated
2024-05-14

Who should care

Organizations operating Siemens RUGGEDCOM CROSSBOW in industrial environments, including critical infrastructure operators, utility companies, and manufacturing facilities using this network management platform for industrial Ethernet devices.

Technical summary

The vulnerability exists in the file download functionality of RUGGEDCOM CROSSBOW, where the application accepts user-specified filenames without proper validation. An attacker with high privileges can specify a filename containing directory traversal sequences (e.g., '../') to write files outside the intended download directory, including the installation directory itself. This allows overwriting of arbitrary files with attacker-controlled content. The CVSS v3.1 score of 6.5 reflects high impact to integrity and availability, though confidentiality is not affected. The attack requires network access and valid high-privilege credentials, with no user interaction required.
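The file-handling mistake described above, shown as an added example (this is not Siemens' code and is not drawn from the advisory): a naive join of the client-supplied filename onto a base directory, beside a hardened version that resolves the candidate path and refuses anything that does not land strictly inside the base. The base directory and the sample filenames are constructed for the demonstration.

```python
import os

# Constructed sample base directory for this example (not a real CROSSBOW path).
DOWNLOAD_DIR = "/tmp/patchsiren_demo/downloads"


def naive_target_path(base_dir, filename):
    """Vulnerable pattern: join the user-supplied name straight onto the base
    directory. '../' sequences (or an absolute name) walk out of base_dir and
    normpath happily returns the escaped location."""
    return os.path.normpath(os.path.join(base_dir, filename))


def safe_target_path(base_dir, filename):
    """Hardened pattern: resolve both paths to their real absolute form and
    insist the candidate is strictly inside base_dir. Raises ValueError otherwise."""
    if not filename:
        raise ValueError("empty filename")
    base_real = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks, so the comparison below sees
    # the path the OS would actually open, not the string the client sent.
    # On Windows os.path treats backslashes as separators too, so the same check
    # covers '..\\' sequences there.
    candidate = os.path.realpath(os.path.join(base_real, filename))
    if candidate == base_real or os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("filename resolves outside the download directory: %r" % filename)
    return candidate


def triage(base_dir, filenames):
    """Classify each name as 'allowed' or 'rejected' under the hardened check,
    returning a dict of name -> verdict."""
    verdicts = {}
    for name in filenames:
        try:
            safe_target_path(base_dir, name)
            verdicts[name] = "allowed"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    samples = ["report.txt", "sub/../report.txt", "../../etc/hosts", "/etc/hosts", ""]
    for name in samples:
        print("%-22r naive -> %s" % (name, naive_target_path(DOWNLOAD_DIR, name)))
    print(triage(DOWNLOAD_DIR, samples))
```

The comparison is done on resolved paths rather than by searching the input string for `../`, because encoded or mixed-separator variants of the same sequence would otherwise slip past a string filter while still resolving outside the directory; a name that merely contains `..` but stays inside the base (`sub/../report.txt`) is correctly allowed.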

Defensive priority

high

Recommended defensive actions

  • Update RUGGEDCOM CROSSBOW to version 5.5 or later as specified in the vendor security advisory
  • Restrict administrative access to RUGGEDCOM CROSSBOW systems to trusted personnel only
  • Monitor file system changes in the RUGGEDCOM CROSSBOW installation directory for unauthorized modifications
  • Implement network segmentation to limit exposure of RUGGEDCOM CROSSBOW management interfaces
  • Review and apply CISA ICS recommended practices for industrial control system security

Evidence notes

Vulnerability disclosed via CISA ICS advisory ICSA-24-137-10 and Siemens security advisory SSA-916916. CVSS 3.1 score of 6.5 (MEDIUM) with attack vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H. Affected product: RUGGEDCOM CROSSBOW versions prior to 5.5. Exploitation requires high privileges (PR:H), limiting attack surface to authenticated administrative users.

Official resources

2024-05-14