SSA-994087 — Vulnetix

SSA-994087 PUBLISHED CVSS 8.300000190734863 HIGH

An integer overflow can be triggered in SQLite's 'concat_ws()' function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be triggered. This can result in arbitrary code execution.

Risk Scores

CVSS v3.1

8.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Siemens	RUGGEDCOM CROSSBOW Station Access Controller (SAC)

Timeline

Aug 12, 2025 CVE Published

References

https://cert-portal.siemens.com/productcert/csaf/ssa-994087.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-994087.html advisory
https://support.industry.siemens.com/cs/ww/en/view/109989951/ patch

Open in Interactive Console →