PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-3524 Siemens CVE debrief

CVE-2022-3524 is a remotely reachable Linux kernel issue described as a memory leak in ipv6_renew_options within the IPv6 Handler. In the Siemens/CISA advisory, the issue affects multiple SCALANCE W-series wireless products and is remediated by updating to V3.0.0 or later.

Vendor: Siemens
Product: SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-02-11
Original CVE updated: 2025-05-06
Advisory published: 2025-02-11
Advisory updated: 2025-05-06

Who should care

Operators and defenders responsible for Siemens SCALANCE WAB/WAM/WUB/WUM devices, especially industrial networks where the affected products may be externally reachable or broadly deployed.

Technical summary

The supplied advisory corpus ties CVE-2022-3524 to a Linux kernel IPv6 Handler flaw affecting Siemens SCALANCE wireless products. The issue is described as a memory leak in ipv6_renew_options and is remotely attackable, with the published CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (5.3, Medium). Siemens lists 19 affected product variants and directs customers to update to V3.0.0 or later.

Defensive priority

Elevated for exposed or operationally critical Siemens SCALANCE deployments; otherwise moderate because the published severity is Medium.

Recommended defensive actions

  • Update affected Siemens SCALANCE products to V3.0.0 or later as directed by Siemens.
  • Inventory SCALANCE WAB/WAM/WUB/WUM deployments and verify exact model numbers against the advisory's affected product list.
  • Prioritize remediation for devices that are network-reachable or used in sensitive industrial environments.
  • Review Siemens advisory guidance and CISA industrial control system recommended practices for layered defense and exposure reduction.
  • Confirm whether compensating controls such as segmentation and access restriction are in place until patching is complete.

Evidence notes

CISA’s CSAF advisory ICSA-25-044-09 and Siemens advisory SSA-769027 identify 19 affected Siemens SCALANCE product variants and recommend updating to V3.0.0 or later. The CVE description attributes the flaw to the Linux kernel function ipv6_renew_options and states that manipulation can lead to a memory leak via remote attack. The supplied timeline shows publication on 2025-02-11 and a 2025-05-06 revision that only fixed typos.

Official resources

Publicly disclosed in CISA advisory ICSA-25-044-09 on 2025-02-11; the 2025-05-06 update in the supplied corpus was a revision for typo fixes only.