PatchSiren cyber security CVE debrief
CVE-2025-39715 Cert Portal CVE debrief
CVE-2025-39715 is described in the supplied advisory corpus as a Linux kernel PARISC gateway LWS access-check flaw, republished by CISA in Siemens advisory ICSA-26-134-10. The source says the gateway path used load/stbys,e instructions to detect memory-reference interruptions, but those read-access interruptions are only triggered at privilege levels 2 and 3. Because the kernel and gateway page execute at privilege level 0, the check could be bypassed and user code could reach an LWS compare-and-swap operation at an address that should be read-protected at privilege level 3. Siemens maps the issue to SIMATIC CN 4100 versions below 5.0 and recommends updating to V5.0 or later.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Administrators responsible for Siemens SIMATIC CN 4100 deployments and teams maintaining affected Linux kernel/PARISC-based systems should review this issue, especially where local users or services can execute code on the device. The product mapping in the corpus is low-confidence and should be validated against Siemens advisory materials before actioning fleet-wide changes.
Technical summary
The vulnerability is a local access-control issue in the parisc gateway LWS call path. According to the source, the kernel attempted to rely on memory-reference interruptions from load/stbys,e instructions to enforce read access, but those interruptions do not occur when the code runs at privilege level 0. As a result, the access check did not correctly detect read-protected user addresses. The fix is to probe read access rights at privilege level 3 and branch to lws_fault when access is not allowed. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, which corresponds to a medium-severity issue with local attack prerequisites and high availability impact.
Defensive priority
Medium — prioritize normal patch cycles for affected Siemens assets, with higher urgency if the system is exposed to local user execution or is operationally sensitive.
Recommended defensive actions
- Update affected Siemens SIMATIC CN 4100 systems to V5.0 or later, as directed in the supplier remediation.
- Verify whether the Siemens product mapping applies to your environment, since the source description is a Linux kernel PARISC fix note republished in an ICS advisory.
- Use the linked CISA and Siemens advisory pages to confirm affected versions, deployment scope, and any vendor-specific operational guidance before scheduling maintenance.
Evidence notes
Dates and severity are taken from the supplied timeline and source item: published 2026-05-12 and modified 2026-05-14. The corpus ties the CVE to CISA advisory ICSA-26-134-10, republished from Siemens ProductCERT SSA-032379, and includes a remediation to update to version V5.0 or later. The description text itself is a Linux kernel PARISC gateway access-check explanation; the Siemens product association in the corpus is therefore treated as low-confidence and should be reviewed. No KEV listing was provided in the source data.
Official resources
- CVE-2025-39715 CVE record (CVE.org)
- CVE-2025-39715 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA published the advisory on 2026-05-12 and republished it on 2026-05-14. The supplied data does not include a KEV listing. Because the advisory text is a Linux kernel PARISC fix note while the product mapping points to Siemens SIMATIC CN