Full Report
RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains a vulnerability that could allow an attacker to achieve arbitrary code execution and to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Memory Corruption in RUGGEDCOM CROSSBOW SAC (SQLite Integration)
## CVE Details
- **CVE ID:** CVE-2025-6965
- **CVSS Score:** 7.7 (High) - CVSS v3.1 / 7.2 (High) - CVSS v4.0
- **CWE:** CWE-197: Numeric Truncation Error
## Affected Systems
- **Products:** RUGGEDCOM CROSSBOW Station Access Controller (SAC)
- **Versions:** All versions prior to V5.8
- **Configurations:** Systems utilizing the integrated SQLite component for database operations.
## Vulnerability Description
The RUGGEDCOM CROSSBOW SAC contains a memory corruption flaw inherited from an underlying SQLite vulnerability (versions before 3.50.2). The issue occurs when the number of aggregate terms in a query exceeds the number of available columns. This numeric truncation error can lead to memory corruption, potentially allowing an attacker to achieve arbitrary code execution or cause a Denial of Service (DoS) condition on the Station Access Controller.
## Exploitation
- **Status:** Not exploited (No known active exploitation or public PoC reported in advisory).
- **Complexity:** High (Requires specific conditions to trigger the truncation and subsequent memory corruption).
- **Attack Vector:** Network (Authenticated access is typically required, as indicated by the PR:L (low privileges required) CVSS metric).
## Impact
- **Confidentiality:** Low (Possible limited information disclosure).
- **Integrity:** High (Potential for unauthorized modification of data or arbitrary code execution).
- **Availability:** Low (Potential for service disruption/denial of service).
## Remediation
### Patches
- **Update to V5.8 or later:** Siemens has released RUGGEDCOM CROSSBOW SAC V5.8 to address this vulnerability. The update can be found at: hxxps://support.industry.siemens.com/cs/ww/en/view/110000841/
### Workarounds
- **Network Segmentation:** Protect network access to devices with appropriate mechanisms (firewalls, VLANs).
- **Hardening:** Follow Siemens’ operational guidelines for Industrial Security to operate the devices in a protected IT environment.
- **Access Control:** Ensure only authorized users have access to the SAC interface to mitigate the risk of authenticated exploitation.
## Detection
- **Indicators of Compromise:** Unexpected service restarts, memory faults in system logs, or irregular SQLite query errors.
- **Detection methods and tools:** Monitoring for unusual network traffic directed at the SAC and auditing database query logs for unusually complex aggregate terms.
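The two checks below are an added example for the description and detection sections above; they are not code from the Siemens advisory or from the RUGGEDCOM product. The first compares an SQLite version string against the fixed release 3.50.2 named in the advisory (and reports the version of the SQLite library linked into the local Python). The second is a coarse audit heuristic for the "unusually complex aggregate terms" indicator: it scans query-log lines and flags statements whose count of aggregate function calls meets a threshold. The log line format, the aggregate function list, the threshold and the sample log entries are all assumptions constructed for this example.

```python
"""
Added example (not from the Siemens advisory or the RUGGEDCOM product):
defender-side checks for CVE-2025-6965 exposure and query-log triage.
"""
import re
import sqlite3
from typing import List, Tuple

# Fixed SQLite release named in the advisory: versions before this are affected.
FIXED_SQLITE_VERSION = (3, 50, 2)

# Built-in SQLite aggregate functions to count. Assumption: this list is
# sufficient for a coarse heuristic; it is not exhaustive.
AGGREGATE_FUNCS = ("count", "sum", "avg", "min", "max", "total", "group_concat")
_AGG_RE = re.compile(r"\b(" + "|".join(AGGREGATE_FUNCS) + r")\s*\(", re.IGNORECASE)

# Assumed log line layout: "<ISO timestamp> <source> QUERY <sql text>"
_LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+QUERY\s+(.*)$")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '3.49.1' (or '3.49.1-something') into (3, 49, 1); missing parts are 0."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:3]
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def sqlite_is_vulnerable(version: str) -> bool:
    """True when the embedded SQLite predates the fixed 3.50.2 release."""
    return parse_version(version) < FIXED_SQLITE_VERSION


def local_sqlite_status() -> Tuple[str, bool]:
    """Report the SQLite library version linked into this Python and whether it is affected."""
    return sqlite3.sqlite_version, sqlite_is_vulnerable(sqlite3.sqlite_version)


def count_aggregate_terms(sql: str) -> int:
    """Count aggregate function calls (COUNT(, SUM(, ...) in one SQL statement."""
    return len(_AGG_RE.findall(sql))


def flag_aggregate_heavy_queries(log_lines: List[str], threshold: int = 8):
    """Return (timestamp, source, aggregate_count, sql) for logged queries whose
    aggregate-term count is at or above the threshold. Lines that are not in the
    assumed QUERY format are skipped."""
    flagged = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        ts, src, sql = m.groups()
        n = count_aggregate_terms(sql)
        if n >= threshold:
            flagged.append((ts, src, n, sql))
    return flagged


# Constructed sample log entries for demonstration only.
SAMPLE_LOG = [
    "2025-07-15T10:01:02Z sac-web QUERY SELECT name, status FROM devices WHERE site_id = 7",
    "2025-07-15T10:01:05Z sac-web QUERY SELECT COUNT(*), MAX(last_seen) FROM devices",
    "2025-07-15T10:02:11Z sac-api QUERY SELECT count(a),sum(a),avg(a),min(a),max(a),total(a),count(b),sum(b),avg(b) FROM t",
    "2025-07-15T10:03:00Z sac-web LOGIN user=operator result=ok",
]


if __name__ == "__main__":
    version, affected = local_sqlite_status()
    print(f"local SQLite {version}: {'affected' if affected else 'fixed'}")
    for ts, src, n, sql in flag_aggregate_heavy_queries(SAMPLE_LOG):
        print(f"{ts} {src} aggregate_terms={n}: {sql}")
```

The threshold is deliberately generous; the aim is to surface queries worth a closer look in the SAC's query logs, not to decide on its own that a query is malicious. A version check against the product release (V5.8 or later) remains the authoritative exposure test, since the SQLite version is not necessarily visible from the SAC interface.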
## References
- **Siemens Security Advisory SSA-225816:** hxxps://cert-portal.siemens.com/productcert/html/ssa-225816.html
- **Siemens Industrial Security Guidelines:** hxxps://www.siemens.com/cert/operational-guidelines-industrial-security
- **Siemens ProductCERT:** hxxps://www.siemens.com/cert/advisories