Full Report
RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW SAC
## CVE Details
- **CVE ID:** CVE-2023-7104
  - **CVSS Score:** 5.5 (Medium)
  - **CWE:** CWE-122 (Heap-based Buffer Overflow)
- **CVE ID:** CVE-2024-0232
  - **CVSS Score:** 4.7 (Medium)
  - **CWE:** CWE-416 (Use After Free)
## Affected Systems
- **Products:** RUGGEDCOM CROSSBOW Station Access Controller (SAC)
- **Versions:** All versions prior to V5.6
- **Configurations:** Systems utilizing the integrated SQLite component for session management or JSON parsing.
## Vulnerability Description
RUGGEDCOM CROSSBOW SAC integrates versions of SQLite that are susceptible to memory corruption flaws:
- **CVE-2023-7104:** A heap-based buffer overflow exists in the `sessionReadRecord` function within `ext/session/sqlite3session.c`. This is triggered during the handling of session records, potentially allowing for memory corruption.
- **CVE-2024-0232:** A heap use-after-free vulnerability exists in the `jsonParseAddNodeArray()` function in `sqlite3.c`. This occurs when the application processes specially crafted JSON input, which can result in application crashes.
## Exploitation
- **Status:** Proof of Concept (PoC) available (Exploit Code Maturity: Functional/Prototyped).
- **Complexity:**
  - CVE-2023-7104: Low
  - CVE-2024-0232: High (Requires user interaction/crafted input)
- **Attack Vector:**
  - CVE-2023-7104: Adjacent (Network)
  - CVE-2024-0232: Local
## Impact
- **Confidentiality:** Low (CVE-2023-7104) / None (CVE-2024-0232)
- **Integrity:** Low (CVE-2023-7104) / None (CVE-2024-0232)
- **Availability:** Low to High (Can result in a Denial of Service condition through application crashes).
## Remediation
### Patches
- **Update to V5.6 or later:** Siemens has released V5.6 to address these vulnerabilities by updating the integrated SQLite component.
- **Download Link:** hxxps://support.industry.siemens[.]com/cs/ww/en/view/109976555/
### Workarounds
- No specific software workarounds are provided; however, Siemens recommends following general security recommendations to limit exposure.
## Detection
- **Indicators of Compromise:** Unusual application crashes in the RUGGEDCOM CROSSBOW SAC service, specifically during database or session management operations.
- **Detection methods and tools:**
  - Monitor system logs for SQLite-related errors or memory faults.
  - Verify the installed version of RUGGEDCOM CROSSBOW SAC via the management interface or file versioning.
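The version check above can be run across a fleet once the installed versions have been collected. The following is an added example, not Siemens code: it assumes a CSV export with hypothetical `host` and `sac_version` columns and flags every entry prior to V5.6, comparing versions numerically and routing unparseable entries to manual verification.

```python
import csv
import io
import re

FIXED = (5, 6)  # first fixed release named in the advisory: V5.6

# Constructed sample inventory; host names and column names are hypothetical.
SAMPLE_INVENTORY = """host,sac_version
sub-a-sac01,V5.5
sub-b-sac02,V5.6
sub-c-sac03,5.10.2
sub-d-sac04,V4.9.3
sub-e-sac05,not reported
sub-f-sac06,v5.6.0
"""

def parse_version(text):
    """'V5.6' / '5.5.1' / 'v5.10' -> tuple of ints; None if not a dotted version."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(version_text, fixed=FIXED):
    """Return 'affected', 'fixed' or 'unknown' for one reported version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # do not guess: route to manual verification
    width = max(len(v), len(fixed))
    v = v + (0,) * (width - len(v))              # pad so 5.6 == 5.6.0
    fixed = fixed + (0,) * (width - len(fixed))
    # Numeric tuple comparison: 5.10 is newer than 5.6, unlike a string compare.
    return "affected" if v < fixed else "fixed"

def triage(inventory_csv):
    """Group hosts from a CSV export by patch status."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row.get("sac_version"))].append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group should be checked directly via the management interface rather than assumed patched.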
## References
- **Siemens Advisory:** hxxps://cert-portal.siemens[.]com/productcert/pdf/ssa-000297.pdf
- **Siemens Industrial Security Guidelines:** hxxps://www.siemens[.]com/cert/operational-guidelines-industrial-security
- **General Advisory Page:** hxxps://www.siemens[.]com/cert/advisories