PatchSiren cyber security CVE debrief
CVE-2022-48174 Siemens CVE debrief
CVE-2022-48174 is a high-severity BusyBox shell vulnerability that Siemens republishes for several industrial networking products in its SINEC OS / SCALANCE / RUGGEDCOM portfolio. The source advisory describes a stack overflow in ash.c:6030 in BusyBox before 1.35, with the potential for arbitrary code execution in the affected environment. Siemens’ remediation is to update affected products to V3.3 or later.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-28
- Original CVE updated: 2026-02-25
- Advisory published: 2026-01-28
- Advisory updated: 2026-02-25
Who should care
OT/ICS defenders, Siemens product owners, plant and infrastructure network administrators, and vulnerability management teams responsible for affected Siemens SINEC OS, SCALANCE, and RUGGEDCOM devices.
Technical summary
The advisory maps CVE-2022-48174 to a BusyBox ash stack overflow (ash.c:6030) present in BusyBox versions before 1.35. The CISA CSAF republication, based on Siemens ProductCERT advisory SSA-089022, lists multiple affected Siemens industrial networking products and states that firmware/update remediation is available. The provided CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality, integrity and availability impact), indicating meaningful impact if a local user action can trigger the flaw in the affected deployment.
Defensive priority
High. The CVSS score is 7.8 and the source notes potential arbitrary code execution. In OT environments, even locally triggered flaws can be operationally significant because affected devices may be management-plane or edge components supporting critical connectivity.
Recommended defensive actions
- Identify whether any Siemens devices in scope match the affected product families listed in the advisory.
- Check installed firmware/software versions against Siemens advisory SSA-089022 and CISA advisory ICSA-26-043-06.
- Upgrade affected products to V3.3 or later, per the vendor remediation guidance.
- Prioritize devices that are exposed to administrative users or other local interactive access paths.
- Restrict access to management interfaces and limit who can trigger shell or maintenance functions.
- Apply OT change-control and maintenance-window procedures before remediation, and verify backups and rollback plans.
- Monitor Siemens and CISA advisory updates for any product-scope clarifications or remediation changes.
Evidence notes
This debrief is based only on the supplied CISA CSAF source item and its embedded Siemens references. The source explicitly states the BusyBox ash stack overflow condition, the affected Siemens product families, and the remediation to update to V3.3 or later. The timeline uses the supplied advisory publication and modification dates from the source corpus; no independent disclosure date is inferred.
Official resources
- CVE-2022-48174 CVE record (CVE.org)
- CVE-2022-48174 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the CSAF advisory on 2026-01-28 and updated it on 2026-02-25, with the latest republication based on Siemens ProductCERT advisory SSA-089022. The source corpus does not provide the original vulnerability disclosure date.