CVE-2023-37372

9.8 CRITICAL

📋 TL;DR

This vulnerability allows an unauthenticated remote attacker to execute arbitrary SQL queries against the RUGGEDCOM CROSSBOW server database. It affects all versions before V5.4. Because no credentials are needed, anyone who can reach the CROSSBOW service can read or modify the data it stores, which includes device configuration, user credentials and network topology. Organizations using CROSSBOW to manage industrial networking devices are at risk.

💻 Affected Systems

Products:
  • RUGGEDCOM CROSSBOW
Versions: All versions < V5.4
Operating Systems: Not specified - application-specific vulnerability
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the CROSSBOW network management system used with RUGGEDCOM industrial networking devices.

📦 What is this software?

RUGGEDCOM CROSSBOW is the Siemens network management system used with RUGGEDCOM industrial networking devices. Its server-side database holds the configuration, user credentials and network topology data of the managed environment, which is what an attacker gains access to through this SQL injection.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, system manipulation, and potential lateral movement to connected industrial control systems.

🟠 Likely Case: Data exfiltration of sensitive configuration information, user credentials, and network topology details.

🟢 If Mitigated: Limited impact with proper network segmentation and restrictive database permissions, though the injection itself remains exploitable from any network that can reach the CROSSBOW server.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, unauthenticated access allows attackers with network foothold to exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity, especially with unauthenticated access.
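To show why an unauthenticated SQL injection is cheap to exploit, here is an added, generic illustration (not RUGGEDCOM CROSSBOW's code, and not a description of the actual vulnerable query): a lookup built by string concatenation next to the same lookup with a bound parameter. The in-memory SQLite table, column names and payloads are all constructed for the demo.

```python
"""Added example: concatenated SQL versus a bound parameter.
Not CROSSBOW code; the schema and data are constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data, not real CROSSBOW accounts.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("operator", "s3cret-op")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Attacker-controlled input is spliced straight into the statement,
    # so quotes and keywords in it become part of the SQL.
    sql = f"SELECT name, secret FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, name: str) -> list:
    # The driver binds the value; whatever it contains is treated as data.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Tautology: turns the WHERE clause into "always true", dumping every row.
TAUTOLOGY_PAYLOAD = "x' OR '1'='1"

# UNION: runs an attacker-chosen SELECT (here against SQLite's catalogue
# table) and appends its rows to the result; the trailing -- comments out
# the closing quote the application adds.
SCHEMA_PAYLOAD = "x' UNION SELECT name, sql FROM sqlite_master --"


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, TAUTOLOGY_PAYLOAD))  # both rows, secrets included
    print(lookup_vulnerable(db, SCHEMA_PAYLOAD))     # the CREATE TABLE statement
    print(lookup_hardened(db, TAUTOLOGY_PAYLOAD))    # []
    print(lookup_hardened(db, SCHEMA_PAYLOAD))       # []
```

Neither payload needs a valid account: the attacker never authenticates, they only need the request to reach the query. That is the property that drives the 9.8 score and the LOW complexity rating above.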

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V5.4

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf

Restart Required: Yes

Instructions:

1. Download RUGGEDCOM CROSSBOW V5.4 from the Siemens support portal.
2. Back up the current configuration and database.
3. Install the update following the vendor documentation.
4. Restart the CROSSBOW application/services.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate CROSSBOW systems from untrusted networks and internet access.

Access Control (applies to: all)

Implement strict firewall rules to limit access to the CROSSBOW web interface to the hosts and administrators that need it.

🧯 If You Can't Patch

  • Place a web application firewall (WAF) with SQL injection rules in front of the CROSSBOW web interface. Treat this as a stop-gap: WAF rules can be bypassed with encoding and syntax variations, so they reduce exposure but do not remove the flaw.
  • Monitor database queries for suspicious patterns and alert on them; run the CROSSBOW database account with the minimum privileges the application needs so that a successful injection cannot reach other schemas.

🔍 How to Verify

Check if Vulnerable:

Check CROSSBOW version in web interface or application settings. If version is below V5.4, system is vulnerable.

Check Version:

Check via CROSSBOW web interface: Login > System Information > Version

Verify Fix Applied:

Confirm the version reads V5.4 or higher in the application settings and, on a test instance where you are authorized to do so, confirm that request parameters carrying SQL syntax (for example a single quote followed by OR, or UNION SELECT) no longer change query results.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs (UNION queries, queries touching tables the application never reads, catalogue/schema reads)
  • Requests carrying SQL syntax (quotes, comment sequences such as --, UNION SELECT) from clients that have never completed a successful login; the vulnerability is unauthenticated, so attackers do not need to log in first
  • Unexpected database schema changes or new rows in user and credential tables

Network Indicators:

  • SQL keywords in HTTP requests to CROSSBOW endpoints
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND (url="*CROSSBOW*" OR app="CROSSBOW") AND (request="*UNION*SELECT*" OR request="*' OR *" OR request="*%27%20OR%20*" OR request="*--*" OR request="*SLEEP(*" OR request="*WAITFOR DELAY*")

Matching bare keywords such as SELECT or DELETE produces noise, since any URL or search term containing those words will hit; match on injection syntax instead, and URL-decode the request field before matching because payloads are normally sent encoded (a single quote arrives as %27).
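The detection logic above, run over constructed web-server access log lines, as an added example that is not part of the original page. The log format is the common combined format; the `/crossbow/` path prefix, hostnames, parameters and payloads are assumptions made for the demo, not real CROSSBOW endpoints. The scanner URL-decodes each request target, restricts itself to the CROSSBOW path prefix, and flags injection syntax rather than bare SQL keywords, so the benign search for the word "select" in the sample is not reported.

```python
"""Added example: scan access logs for SQL injection attempts against an
assumed /crossbow/ web path. The log lines are constructed for the demo."""
import re
from urllib.parse import unquote_plus

# Constructed sample lines (combined log format). Paths and payloads are
# invented for illustration, not real CROSSBOW endpoints.
SAMPLE_LOG = """\
10.1.2.3 - - [01/Aug/2023:10:00:01 +0000] "GET /crossbow/login?user=operator HTTP/1.1" 200 512
10.1.2.3 - - [01/Aug/2023:10:00:07 +0000] "GET /crossbow/login?user=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120
198.51.100.7 - - [01/Aug/2023:10:00:09 +0000] "GET /crossbow/devices?id=1%20UNION%20SELECT%20name%2Cpassword%20FROM%20users-- HTTP/1.1" 200 4410
10.1.2.9 - - [01/Aug/2023:10:00:12 +0000] "GET /crossbow/search?q=select+device HTTP/1.1" 200 300
10.1.2.9 - - [01/Aug/2023:10:00:15 +0000] "GET /other/app?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 100
"""

# One regex per log line: source IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<bytes>\d+)'
)

# Injection syntax, not bare keywords: a quote followed by OR/AND and a
# comparison, UNION ... SELECT, comment terminators, stacked queries and
# time-based probes. Applied to the URL-decoded target.
SQLI_PATTERNS = [
    ("tautology", re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I)),
    ("union_select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I)),
    ("comment_terminator", re.compile(r"--\s*$|--\s|/\*")),
    ("stacked_query", re.compile(r";\s*(select|insert|update|delete|drop|exec)\b", re.I)),
    ("time_based", re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|waitfor\s+delay", re.I)),
]


def scan(log_text: str, path_prefix: str = "/crossbow/") -> list:
    """Return one dict per request under path_prefix that carries SQLi syntax."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        target = unquote_plus(m["target"])  # decode %27, %20, '+' before matching
        if not target.startswith(path_prefix):
            continue  # out of scope for this rule (tune prefix per deployment)
        indicators = [name for name, pat in SQLI_PATTERNS if pat.search(target)]
        if indicators:
            hits.append({
                "src": m["src"],
                "ts": m["ts"],
                "status": int(m["status"]),
                "target": target,
                "indicators": indicators,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["src"]} {hit["indicators"]} {hit["target"]}')
```

Two of the five sample lines are reported: the tautology against the login parameter and the UNION SELECT against the devices parameter. The request to `/other/app` carries the same syntax but falls outside the CROSSBOW prefix, and the search for "select device" is a plain keyword with no injection structure. In production, feed the decoded target into the same patterns from your SIEM rather than matching raw keywords, and correlate a hit with an HTTP 200 and an unusually large response body (as in the second sample line), which is what a successful data dump looks like.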

🔗 References

  • Siemens ProductCERT advisory SSA-472630: https://cert-portal.siemens.com/productcert/pdf/ssa-472630.pdf
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-37372