CVE-2023-27463

8.8 HIGH

📋 TL;DR

This SQL injection vulnerability in RUGGEDCOM CROSSBOW allows authenticated remote attackers to execute arbitrary SQL queries on the server database. It affects all versions before V5.3 of the software, potentially compromising data integrity and confidentiality.

💻 Affected Systems

Products:
  • RUGGEDCOM CROSSBOW
Versions: All versions < V5.3
Operating Systems: Not specified, likely embedded/industrial OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access; affects audit log functionality specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full database compromise leading to data theft, manipulation, or deletion; potential privilege escalation to system-level access.

🟠 Likely Case: Data exfiltration, unauthorized data modification, or database corruption by authenticated attackers.

🟢 If Mitigated: Limited impact if proper input validation and database permissions are enforced, though SQL injection attempts may still cause service disruption.

🌐 Internet-Facing: HIGH if exposed to internet with authenticated users, as remote exploitation is possible.
🏢 Internal Only: HIGH for internal networks, as any authenticated user on the network can exploit the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection typically has low attack complexity; authenticated access is required, as noted in the description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V5.3

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-320629.pdf

Restart Required: Yes

Instructions:

1. Download the V5.3 update from the Siemens support portal.
2. Back up the current configuration.
3. Apply the update following the vendor instructions.
4. Restart the system.
5. Verify that the update succeeded.

🔧 Temporary Workarounds

Restrict Database Permissions (applies to: all affected versions)

Limit database user permissions to read-only for audit log functions to reduce impact.

Network Segmentation (applies to: all affected versions)

Isolate RUGGEDCOM CROSSBOW systems from untrusted networks and limit access to authenticated users only.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries at application layer if source code access is available.
  • Monitor and alert on unusual database queries or audit log access patterns.

🔍 How to Verify

Check if Vulnerable:

Check the current software version in the system administration interface; if the version is below V5.3, the system is vulnerable.

Check Version:

Check via the web interface or a CLI command specific to RUGGEDCOM CROSSBOW (see the vendor documentation).

Verify Fix Applied:

Confirm that the version shown in the system administration interface is V5.3 or higher after the update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in audit logs
  • Multiple failed login attempts followed by SQL-like strings in requests

Network Indicators:

  • SQL injection patterns in HTTP requests to audit log endpoints

SIEM Query:

source="RUGGEDCOM" AND (event="SQL_ERROR" OR message="*sql*" OR message="*injection*")
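As an added example (not from this page, Siemens, or the RUGGEDCOM CROSSBOW product), the SIEM query and the network indicator above expressed as a small Python detector run over constructed sample records. The field names, the `/auditlog` path and the log layout are assumptions, since the page does not give CROSSBOW's actual log schema or endpoint; the `*sql*` substring match is kept for parity with the query but is noisy in practice.

```python
import re
from urllib.parse import unquote

# Constructed sample records; field names and the /auditlog path are assumptions,
# not RUGGEDCOM CROSSBOW's real log schema or endpoint.
SAMPLE_EVENTS = [
    {"source": "RUGGEDCOM", "event": "SQL_ERROR", "user": "operator1",
     "uri": "/auditlog/search", "message": "unterminated quoted string"},
    {"source": "RUGGEDCOM", "event": "HTTP_REQUEST", "user": "operator1",
     "uri": "/auditlog/search?filter=%27%20OR%201%3D1--", "message": "audit log query"},
    {"source": "RUGGEDCOM", "event": "HTTP_REQUEST", "user": "admin",
     "uri": "/auditlog/search?filter=2024-01", "message": "audit log query"},
    {"source": "FIREWALL", "event": "SQL_ERROR", "user": "-",
     "uri": "-", "message": "sql backend down"},
]

# A quote followed by a SQL keyword or comment marker inside an audit-log request.
SQLI_PATTERN = re.compile(r"['\"]\s*(or|and|union|select|;|--|/\*)", re.IGNORECASE)
AUDIT_LOG_URI = re.compile(r"^/auditlog", re.IGNORECASE)


def classify(rec):
    """Return the reasons a record matches the page's indicators ([] means benign)."""
    reasons = []
    if rec.get("source") != "RUGGEDCOM":
        return reasons  # the SIEM query is scoped to the product's log source
    if rec.get("event") == "SQL_ERROR":
        reasons.append("sql_error")
    msg = rec.get("message", "").lower()
    if "sql" in msg or "injection" in msg:
        reasons.append("message_keyword")  # parity with message="*sql*" / "*injection*"
    uri = unquote(rec.get("uri", ""))  # decode %27 etc. before pattern matching
    if AUDIT_LOG_URI.match(uri) and SQLI_PATTERN.search(uri):
        reasons.append("sqli_pattern_in_audit_log_request")
    return reasons


def scan(records):
    """Return (user, uri, reasons) for each record that raises at least one reason."""
    hits = []
    for rec in records:
        reasons = classify(rec)
        if reasons:
            hits.append((rec["user"], rec["uri"], reasons))
    return hits
```

Records from other log sources are ignored even when they mention SQL, which mirrors the `source="RUGGEDCOM"` scoping of the query; tune the URI prefix to the real endpoint once it is known from the vendor documentation.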
