PatchSiren cyber security CVE debrief
CVE-2022-2663 Siemens CVE debrief
CVE-2022-2663 describes a Linux kernel nf_conntrack_irc message-handling issue that can cause IRC traffic to be matched incorrectly. In Siemens’ advisory context, this could allow a firewall bypass when unencrypted IRC is used and nf_conntrack_irc is configured. Siemens lists multiple SCALANCE W-series products as affected and recommends updating to V3.0.0 or later.
- Vendor: Siemens
- Product: SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-02-11
- Advisory updated: 2025-05-06
Who should care
Organizations operating Siemens SCALANCE WAB/WAM/WUB/WUM wireless devices, especially OT/ICS teams, network and firewall administrators, and anyone permitting IRC traffic across segmented networks. The risk is most relevant where unencrypted IRC is allowed and connection tracking for IRC is enabled.
Technical summary
The underlying flaw is in Linux kernel nf_conntrack_irc, where IRC message handling can be confused and a message may be matched incorrectly. In the Siemens advisory, the practical security impact is a potential firewall bypass in environments that use unencrypted IRC with nf_conntrack_irc configured. The CSAF advisory maps this issue to 19 Siemens SCALANCE product variants and assigns a CVSS v3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Defensive priority
Medium priority for exposed Siemens SCALANCE deployments; prioritize quickly if unencrypted IRC is allowed or if the affected devices sit on trusted network boundaries.
Recommended defensive actions
- Update affected Siemens SCALANCE devices to V3.0.0 or later using the vendor guidance.
- Inventory all listed SCALANCE WAB/WAM/WUB/WUM variants and confirm firmware versions.
- Review whether unencrypted IRC is permitted anywhere in the environment; if not required, block it at network controls.
- Verify that nf_conntrack_irc is only enabled where operationally necessary and is covered by compensating controls.
- Recheck firewall and segmentation rules around OT/ICS zones to ensure IRC cannot traverse trust boundaries unexpectedly.
- Use Siemens and CISA advisory references to confirm product applicability and remediation status before scheduling maintenance.
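As an added operator check that is not part of the advisory or of any Siemens or CISA material, the shell functions below audit a Linux firewall host for the nf_conntrack_irc helper named in the technical summary: they look for the module in /proc/modules and read its configured port list (assumed to be exposed at /sys/module/nf_conntrack_irc/parameters/ports, defaulting to 6667 when the file is absent). File paths are parameters so the same check can be run against files copied off a device.

```shell
#!/bin/sh
# Audit helper for the nf_conntrack_irc mitigation step (added example,
# not vendor code). Reports whether the helper is loaded and which TCP
# ports it inspects, so it can be confirmed as enabled only where needed.

# irc_helper_loaded [MODULES_FILE]
# Returns 0 if nf_conntrack_irc appears in a /proc/modules-style listing,
# 1 if it does not, 2 if the listing cannot be read.
irc_helper_loaded() {
    modules_file="${1:-/proc/modules}"
    [ -r "$modules_file" ] || return 2
    grep -q '^nf_conntrack_irc[[:space:]]' "$modules_file"
}

# irc_helper_ports [PARAMS_FILE]
# Prints the helper's configured port list. The sysfs path is an assumed
# location; if it is unreadable, the module default of 6667 is reported.
irc_helper_ports() {
    params_file="${1:-/sys/module/nf_conntrack_irc/parameters/ports}"
    if [ -r "$params_file" ]; then
        tr -d '\n' < "$params_file"
    else
        printf '6667'
    fi
    printf '\n'
}

# audit_irc_conntrack [MODULES_FILE] [PARAMS_FILE]
# Prints a one-line finding. Returns 1 when the helper is active (so a
# scheduler or CI job can flag the host), 0 when it is not loaded.
audit_irc_conntrack() {
    if irc_helper_loaded "$1"; then
        printf 'FINDING: nf_conntrack_irc loaded, tracking TCP ports %s\n' \
            "$(irc_helper_ports "$2")"
        return 1
    fi
    printf 'OK: nf_conntrack_irc not loaded\n'
    return 0
}
```

Run as root with no arguments to use the live /proc and /sys paths; a non-zero exit marks the helper as active and worth reviewing against the segmentation rules above.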
Evidence notes
Source evidence comes from CISA CSAF ICSA-25-044-09 and Siemens advisory SSA-769027. The advisory states that message handling in nf_conntrack_irc can be confused so that a message is matched incorrectly, which may permit a firewall bypass when users are using unencrypted IRC with nf_conntrack_irc configured. The remediations section specifies updating to V3.0.0 or later for the affected Siemens SCALANCE products. No Known Exploited Vulnerabilities (KEV) entry was supplied.
Official resources
- CVE-2022-2663 CVE record (CVE.org)
- CVE-2022-2663 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the source advisory on 2025-02-11 and later revised it on 2025-05-06 for typo fixes. The supplied enrichment indicates this is not a CISA KEV-listed vulnerability.