PatchSiren


CVE-2022-45887 Siemens CVE debrief

A memory leak vulnerability exists in the Linux kernel's ttusb_dec driver (drivers/media/usb/ttusb-dec/ttusb_dec.c) through version 6.0.9, caused by a missing dvb_frontend_detach call. This vulnerability affects Siemens TIM 1531 IRC industrial communication devices, which incorporate the vulnerable kernel component. The flaw allows a local attacker with low privileges to trigger a denial-of-service condition through memory exhaustion. The vulnerability was disclosed publicly on June 11, 2024, and Siemens has released firmware updates to address the issue.

Vendor: Siemens
Product: SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0)
CVSS: MEDIUM 4.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-11
Original CVE updated: 2024-07-09
Advisory published: 2024-06-11
Advisory updated: 2024-07-09

Who should care

  • Organizations operating Siemens TIM 1531 IRC industrial communication modules in manufacturing, energy, or critical infrastructure environments
  • System administrators responsible for embedded Linux systems using DVB USB drivers
  • Security teams monitoring industrial control system (ICS) asset inventories and vulnerability management programs

Technical summary

The vulnerability resides in the ttusb_dec.c driver within the Linux kernel's DVB (Digital Video Broadcasting) USB subsystem. The driver fails to call dvb_frontend_detach() during cleanup, so memory is leaked each time the device is detached or the driver is unloaded. This affects Siemens TIM 1531 IRC devices, which use embedded Linux kernels incorporating this driver. The leak can be triggered by repeated attach/detach cycles or driver reloads, eventually exhausting system memory and causing a denial of service. Exploitation requires local access with low privileges, and the high attack complexity reduces the likelihood of a successful attack.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor firmware update to version V2.4.8 or later for affected Siemens TIM 1531 IRC devices
  • Review and implement CISA ICS recommended practices for defense-in-depth security
  • Monitor for anomalous memory consumption patterns on affected systems
  • Restrict local access to industrial control systems to authorized personnel only
  • Verify kernel component versions in embedded Linux systems against known vulnerable ranges

Evidence notes

The vulnerability description is sourced from CISA ICS Advisory ICSA-24-165-06, which references Siemens Security Advisory SSA-337522. The affected products are Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) and TIM 1531 IRC (6GK7543-1MX00-0XE0). The CVSS 3.1 vector (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with high attack complexity, requiring low privileges and no user interaction, with no confidentiality or integrity impact and a high availability impact.
