CVE-2022-45919 Siemens CVE debrief

Who should care

Organizations operating Siemens TIM 1531 IRC industrial communication modules, particularly in critical infrastructure and manufacturing environments. System administrators responsible for Linux-based industrial control systems and OT security teams monitoring kernel-level vulnerabilities in embedded industrial devices.

Technical summary

The vulnerability exists in the DVB CA (Common Interface) EN50221 driver within the Linux kernel media subsystem. The driver fails to properly synchronize between open and disconnect operations, lacking a wait_event call that would prevent race conditions. When a disconnect occurs after an open operation, the driver may access freed memory, resulting in a use-after-free condition. This vulnerability is exploitable with local access and low privileges, with high impact to confidentiality, integrity, and availability. The CVSS 3.1 vector indicates attack complexity is high due to race condition requirements, but successful exploitation yields complete system compromise.

Defensive priority

HIGH

Recommended defensive actions

• Apply vendor firmware update to version V2.4.8 or later for affected Siemens TIM 1531 IRC devices
• Review and implement CISA ICS recommended practices for industrial control system security
• Monitor Siemens ProductCERT portal for additional security advisories related to TIM 1531 IRC products
• Assess network segmentation to limit exposure of affected industrial communication devices
• Verify kernel version in use and ensure timely patching of Linux-based industrial systems

Evidence notes

The vulnerability is documented in CISA CSAF advisory ICSA-24-165-06, which references Siemens security advisory SSA-337522. The flaw stems from missing wait_event synchronization in the DVB CA EN50221 kernel driver, allowing use-after-free conditions during disconnect-after-open sequences.

Official resources