PatchSiren cyber security CVE debrief
CVE-2022-42329 Siemens CVE debrief
CVE-2022-42329 is a medium-severity (CVSS 5.5) deadlock vulnerability in the Linux xen-netback driver that can be triggered by guest virtual machines. The issue occurs when packets are dropped for reasons other than XSA-392 handling while netpoll is active on the interface connected to the xen-netback driver. This vulnerability is related to CVE-2022-42328, which introduced a similar deadlock through the XSA-392 patch. The vulnerability was published on June 11, 2024, and affects Siemens SIMATIC and SIPLUS industrial communication processors. Siemens has released firmware updates to address this issue.
- Vendor
- Siemens
- Product
- SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-11
- Original CVE updated
- 2024-06-11
- Advisory published
- 2024-06-11
- Advisory updated
- 2024-06-11
Who should care
Organizations running virtualized industrial environments using Xen hypervisor with netback drivers, particularly those operating Siemens SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS ET 200SP CP communication modules. System administrators managing OT/ICS networks with paravirtualized networking configurations should prioritize firmware updates.
Technical summary
This vulnerability exists in the Linux xen-netback driver, which provides network backend support for Xen paravirtualized guests. When packets are dropped for reasons other than XSA-392 handling, and netpoll is active on the interface, a deadlock can occur during SKB (socket buffer) deallocation. The deadlock results from improper locking semantics when freeing dropped packets under specific network polling conditions. This is a local vulnerability requiring low privileges but can cause high availability impact through system hangs. The issue affects Siemens industrial communication processors that incorporate the vulnerable driver code.
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS ET 200SP CP variants to firmware version V2.3 or later
- Review virtualization infrastructure for use of Xen netback driver configurations
- Monitor for system hangs or unresponsiveness in network-backed guest environments
- Apply defense-in-depth practices for industrial control systems per CISA guidance
- Verify netpoll configurations on affected interfaces as potential trigger condition
Evidence notes
The vulnerability description indicates this is a deadlock condition in the Linux netback driver specifically related to SKB (socket buffer) freeing when packets are dropped while netpoll is active. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C) confirms local attack vector with low attack complexity, requiring low privileges, with high availability impact. The source is a CISA CSAF advisory (ICSA-24-165-10) cross-referencing Siemens security advisory SSA-625862.
Official resources
-
CVE-2022-42329 CVE record
CVE.org
-
CVE-2022-42329 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-06-11