Reference:
Advisory #2023-94
Version:
1.0
Affected software:
SIEMENS RUGGEDCOM CROSSBOW versions prior to V5.4
Type:
SQL Injection Vulnerability, Denial of Service (DoS), Arbitrary file writes
CVE/CVSS:
CVE-2021-31239 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
CVE-2022-37971 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
CVE-2023-27411 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
CVE-2023-37372 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
CVE-2023-37373 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)
https://cert-portal.siemens.com/productcert/html/ssa-472630.html
Siemens fixed several vulnerabilities in RUGGEDCOM CROSSBOW. These vulnerabilities could allow an attacker to perform SQL injection attacks, create a Denial of Service (DoS) condition or write arbitrary files to the system. These vulnerabilities impact all vertices of the CIA triad (confidentiality, integrity and availability).
Multiple vulnerabilities have been fixed in V5.4 of RUGGEDCOM CROSSBOW. The most severe vulnerability (CVE-2023-37372) has a CVSS score of 9.8. An attacker could use these vulnerabilities to remotely compromise the system and gain elevated privileges.
CVE-2021-31239 CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
SQLite3 v.3.35.4 could allow a remote attacker to cause a denial of service.
CVE-2022-37971 CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Microsoft Windows Defender Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability could result in specific limited SYSTEM privileges.
CVE-2023-27411 CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
An authenticated remote attacker could execute arbitrary SQL queries on the server database and escalate privileges.
CVE-2023-37372 CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Unauthenticated remote execution of arbitrary SQL queries on the server database.
CVE-2023-37373 CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)
Unauthenticated remote arbitrary file writes to the application’s file system.
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems to V5.4 or a later version as soon as possible and analyse system and network logs for any suspicious activity. If your organization has already identified an intrusion or incident, please report it via: https://ccb.belgium.be/cert/report-incident.