PatchSiren cyber security CVE debrief
CVE-2025-23384 Cert Portal CVE debrief
CVE-2025-23384 is a network-reachable authentication flaw in multiple Siemens RUGGEDCOM and SCALANCE router and firewall families. The affected devices improperly validate usernames during OpenVPN authentication, which can allow partial invalid usernames to be accepted by the server. NVD rates the issue CVSS 6.3 (MEDIUM).
- Vendor: Cert Portal
- Product: Unknown
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2026-05-12
- Advisory published: 2025-03-11
- Advisory updated: 2026-05-12
Who should care
Organizations that use the listed Siemens RUGGEDCOM or SCALANCE devices for remote access, OT/industrial connectivity, or site-to-site VPN services should review exposure immediately, especially if OpenVPN is enabled on externally reachable interfaces.
Technical summary
According to the NVD record and the referenced Siemens advisory, affected devices mishandle username validation in OpenVPN authentication. The flaw can cause the server to accept partial invalid usernames, indicating a weakness in authentication parsing/verification rather than a post-authentication attack. The published CVSS vector shows a network-accessible issue with no privileges or user interaction required. The supplied corpus does not describe code execution, data theft, or a broader compromise outcome.
Defensive priority
Medium-to-high for any environment exposing OpenVPN on the listed devices. Prioritize if the devices support remote administrator access, cross-site VPN, or are reachable from untrusted networks; otherwise schedule promptly within normal patch cycles.
Recommended defensive actions
- Identify whether any listed RUGGEDCOM or SCALANCE models are in use, and confirm whether OpenVPN is enabled.
- Upgrade affected devices to the vendor-fixed versions noted in the advisory: V8.2.1 for the listed V8.2.x product lines, and V3.2 for the listed SCALANCE SC models.
- Restrict exposure of device management and VPN services to trusted networks until patching is complete.
- Review VPN authentication logs for unexpected username patterns or repeated failed/partial login attempts.
- If immediate upgrading is not possible, apply compensating controls such as network segmentation, access control lists, and limited administrative reachability.
- Track the Siemens advisory and NVD record for any follow-up guidance or version clarifications.
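One way to carry out the log-review action above, as an added example (not code from the Siemens advisory, the NVD record, or this page's author): it flags accepted logins whose username is not an exact account name, and sources with repeated failures on partial account names. The log line format, the account names, and the function names are constructed assumptions; adapt the regex to what your devices or syslog collector actually emit.

```python
import re
from collections import Counter

# Constructed log format (assumption); real device or collector output will differ.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) openvpn\[\d+\]: AUTH user='(?P<user>[^']*)' "
    r"src=(?P<src>\S+) result=(?P<result>success|failure)$"
)

def classify(user, accounts):
    """Return 'exact', 'partial' (prefix overlap with a real account) or 'unknown'."""
    if user in accounts:
        return "exact"
    if user and any(a.startswith(user) or user.startswith(a) for a in accounts):
        return "partial"
    return "unknown"

def review_auth_log(lines, accounts, fail_threshold=3):
    """Flag accepted non-exact usernames and sources with repeated partial failures."""
    findings, partial_failures = [], Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an authentication record in the assumed format
        kind = classify(m["user"], accounts)
        if kind == "exact":
            continue
        if m["result"] == "success":
            findings.append(("accepted_" + kind, m["ts"], m["src"], m["user"]))
        elif kind == "partial":
            partial_failures[m["src"]] += 1
    for src, n in partial_failures.items():
        if n >= fail_threshold:
            findings.append(("repeated_partial_failures", None, src, n))
    return findings

# Constructed sample data (documentation IP ranges, made-up accounts).
SAMPLE_ACCOUNTS = {"operator1", "svc-backup"}
SAMPLE_LOG = [
    "2025-03-12T08:14:02Z openvpn[412]: AUTH user='operator1' src=192.0.2.10 result=success",
    "2025-03-12T08:15:40Z openvpn[412]: AUTH user='operator' src=198.51.100.7 result=success",
    "2025-03-12T08:16:01Z openvpn[412]: AUTH user='svc' src=203.0.113.5 result=failure",
    "2025-03-12T08:16:03Z openvpn[412]: AUTH user='svc-' src=203.0.113.5 result=failure",
    "2025-03-12T08:16:05Z openvpn[412]: AUTH user='svc-b' src=203.0.113.5 result=failure",
    "2025-03-12T08:17:30Z openvpn[412]: AUTH user='guest' src=203.0.113.9 result=failure",
]

if __name__ == "__main__":
    print(*review_auth_log(SAMPLE_LOG, SAMPLE_ACCOUNTS), sep="\n")
```

Feed it the exact account list configured on the device; any `accepted_partial` finding on an unpatched unit is worth investigating first.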
Evidence notes
The supplied NVD record states the vulnerability was published on 2025-03-11 and modified on 2026-05-12. NVD lists the vulnerability status as Deferred, a CVSS v4.0 base score of 6.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N, and CWE-187. The NVD reference points to Siemens ProductCERT advisory SSA-280834 at cert-portal.siemens.com. No KEV entry or ransomware association is present in the supplied corpus.
Official resources
- CVE-2025-23384 CVE record (CVE.org)
- CVE-2025-23384 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
Publicly disclosed in the NVD record on 2025-03-11, with a Siemens ProductCERT advisory referenced by NVD. The supplied corpus does not indicate inclusion in CISA KEV or any known ransomware campaign.