PatchSiren

CVE-2022-3623 Siemens CVE debrief

A race condition vulnerability in the Linux Kernel's BPF component, specifically in the follow_page_pte function within mm/gup.c, affects Siemens SIMATIC and SIPLUS industrial communication processors. The vulnerability allows remote attackers to exploit a race condition, potentially leading to integrity, confidentiality, and availability impacts. Siemens has released firmware updates to address this issue.

Vendor: Siemens
Product: SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0)
CVSS: MEDIUM 5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-11
Original CVE updated: 2024-06-11
Advisory published: 2024-06-11
Advisory updated: 2024-06-11

Who should care

Organizations operating Siemens SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS ET 200SP communication processors in industrial environments should prioritize patching. System integrators, OT security teams, and asset owners in manufacturing, energy, and critical infrastructure sectors using these devices for industrial Ethernet communications are affected.

Technical summary

The vulnerability exists in the follow_page_pte function of mm/gup.c within the Linux Kernel's BPF (Berkeley Packet Filter) component. A race condition can be triggered remotely, potentially allowing attackers to manipulate system state. The CVSS 3.1 vector indicates a network attack vector with high attack complexity, low privileges required, and no user interaction, with low impact on confidentiality, integrity, and availability.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to version 2.3 or later for affected Siemens SIMATIC and SIPLUS communication processors
  • Review and implement CISA ICS recommended practices for industrial control system security
  • Monitor Siemens ProductCERT portal for additional security updates and guidance
  • Assess network segmentation to limit remote attack vectors against affected devices
  • Validate that security patches have been successfully applied through firmware version verification
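
One way to carry out the firmware version verification in the last action, as an added example that is not Siemens or PatchSiren code. The product names and the 2.3 threshold come from this page; the CSV layout, asset names and the unrelated device row are constructed for illustration.

```python
import csv
import io
import re

FIXED = (2, 3)  # fixed firmware version stated on this page
AFFECTED_MARKERS = ("CP 1542SP-1", "CP 1543SP-1", "SIPLUS ET 200SP")

# Constructed sample inventory export (hypothetical assets and column names).
SAMPLE_INVENTORY = """asset,product,firmware
plc-line1-cp,SIMATIC CP 1542SP-1,V2.2.28
plc-line2-cp,SIMATIC CP 1543SP-1,V2.3
rtu-pump-07,SIMATIC CP 1542SP-1 IRC,2.10.1
et200-dry-3,SIPLUS ET 200SP,unknown
sw-cell-04,Generic managed switch,V1.0
"""

def parse_version(text):
    """Return a tuple of ints from strings like 'V2.2.28'; None if no digits."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected_product(product):
    """Match product names case-insensitively, ignoring extra whitespace."""
    name = " ".join(product.upper().split())
    return any(marker in name for marker in AFFECTED_MARKERS)

def audit(inventory_csv):
    """Return (asset, status) for every affected product in the inventory."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not is_affected_product(row["product"]):
            continue
        version = parse_version(row["firmware"])
        if version is None:
            status = "UNVERIFIED"   # no readable version: check the device itself
        elif version < FIXED:       # numeric compare, so 2.10 sorts after 2.3
            status = "VULNERABLE"
        else:
            status = "PATCHED"
        findings.append((row["asset"], status))
    return findings

if __name__ == "__main__":
    for asset, status in audit(SAMPLE_INVENTORY):
        print(f"{asset}: {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank 2.10.1 below 2.3 and report a patched device as vulnerable.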

Evidence notes

The vulnerability was disclosed in CISA advisory ICSA-24-165-10 on June 11, 2024, with Siemens publishing security advisory SSA-625862. The issue stems from a race condition in the Linux Kernel's BPF subsystem that was previously identified as VDB-211921.
