PatchSiren cyber security CVE debrief
CVE-2022-42328 Siemens CVE debrief
CVE-2022-42328 is a medium-severity vulnerability in the Linux netback driver that can be triggered by guest virtual machines to cause a deadlock condition. The vulnerability was introduced by the patch for XSA-392, which created a race condition when attempting to free the socket buffer (SKB) of a packet dropped due to XSA-392 handling. This results in a denial-of-service condition through system deadlock. The vulnerability affects Siemens SIMATIC and SIPLUS industrial control system products that incorporate the vulnerable Linux kernel components. The issue was published on June 11, 2024, with a CVSS 3.1 score of 5.5 (MEDIUM severity). Siemens has released firmware updates to address this vulnerability.
- Vendor: Siemens
- Product: SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-11
- Original CVE updated: 2024-06-11
- Advisory published: 2024-06-11
- Advisory updated: 2024-06-11
Who should care
Organizations operating Siemens SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, and SIPLUS ET 200SP CP industrial communication modules in virtualized Xen environments should prioritize this update. System administrators managing industrial control systems with guest VMs, security teams responsible for OT/ICS infrastructure, and organizations subject to NERC CIP or other industrial cybersecurity regulations should assess exposure and apply patches according to their change management procedures.
Technical summary
CVE-2022-42328 is a deadlock vulnerability in the Linux netback (xen-netback) driver that affects virtualized environments using Xen. The vulnerability was inadvertently introduced by the security patch for XSA-392, creating a race condition when freeing socket buffers (SKBs) of packets dropped during XSA-392 handling. A malicious or compromised guest virtual machine can trigger this deadlock, resulting in a denial-of-service condition. The vulnerability has a CVSS 3.1 score of 5.5 (MEDIUM) with a local attack vector, low attack complexity, and low privilege requirements. The primary impact is to availability (HIGH). Siemens has identified multiple SIMATIC and SIPLUS industrial communication processors as affected products, with firmware version 2.3 or later providing remediation.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to version 2.3 or later for affected Siemens SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, and SIPLUS ET 200SP CP products
- Review and implement CISA ICS recommended practices for defense-in-depth strategies in industrial control system environments
- Monitor for anomalous behavior in virtualized guest environments that may indicate exploitation attempts
- Consider network segmentation to limit exposure of vulnerable industrial control systems
- Evaluate the need for temporary workarounds if patches cannot be immediately applied, following organizational change management procedures
Evidence notes
The vulnerability description indicates this is a deadlock condition in the Linux netback driver introduced by a previous security patch (XSA-392). The source material from CISA CSAF advisory ICSA-24-165-10 identifies affected Siemens industrial control products. The CVSS vector indicates local attack vector with low attack complexity, requiring low privileges but no user interaction. The vulnerability results in high availability impact.
Official resources
- CVE-2022-42328 CVE record (CVE.org)
- CVE-2022-42328 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-06-11