CVE-2025-6052 Cert Portal CVE debrief

Who should care

Asset owners, OT administrators, and patch-management teams responsible for Siemens SIMATIC CN 4100 devices should care, especially if they operate versions earlier than V5.0. Security teams should also review whether any embedded software in their environment includes the affected GLib component. Because the supplied vendor mapping is low confidence, inventory validation is important before prioritizing remediation.

Technical summary

The advisory describes an integer-overflow-style flaw in the GString memory-growth path: when a string is already very large, adding more data can overflow the internal size calculation. If the computed size wraps, the code may believe the allocation is sufficient when it is not, creating a path to writing past the end of allocated memory. The supplied CVSS vector (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) indicates network reachability, high attack complexity, no privileges, no user interaction, and limited availability impact. The source metadata ties this to Siemens SIMATIC CN 4100 versions before V5.0, but that product attribution is marked low confidence in the supplied data.

Defensive priority

Routine patch priority, with higher urgency if the affected Siemens product is present in operational or safety-critical environments. The severity is low and the supplied data does not indicate KEV inclusion, but a vendor fix is available and memory corruption in OT-adjacent systems can still create reliability risk.

Recommended defensive actions

• Verify whether Siemens SIMATIC CN 4100 devices or related components are deployed in your environment.
• If affected versions are present, update to Siemens V5.0 or later as recommended in the advisory.
• Cross-check the vendor/product mapping against Siemens ProductCERT SSA-032379 before scheduling remediation, because the supplied vendor attribution is marked low confidence.
• If immediate patching is not possible, limit management access to the device and monitor for crashes, restarts, or other stability issues.
• Track CISA ICSA-26-134-10 and Siemens advisory updates for any revision changes or follow-on guidance.

Evidence notes

All substantive claims here are drawn from the supplied CISA CSAF source item for ICSA-26-134-10 and its referenced Siemens ProductCERT advisory. The source describes a GLib GString size-calculation overflow that can cause memory corruption or crashes, and it lists remediation as upgrading to V5.0 or later. The supplied metadata also includes the CVSS vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L and marks the vendor/product attribution as low confidence and needing review. Timeline context uses the provided publication and modification dates only: 2026-05-12 and 2026-05-14.

Official resources