PatchSiren cyber security CVE debrief
CVE-2023-1073 Siemens CVE debrief
CVE-2023-1073 is a Linux kernel memory corruption issue in the HID subsystem that can be triggered when a malicious USB device is inserted. In Siemens' advisory for affected SCALANCE products, the issue is rated medium severity and can let a local or physically present attacker crash the device and potentially escalate privileges. Siemens identifies 19 affected SCALANCE models and provides a vendor fix path.
- Vendor
- Siemens
- Product
- SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS
- MEDIUM 6.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-05-06
Who should care
OT/ICS operators and administrators responsible for the affected Siemens SCALANCE models, especially teams that manage physical access, USB/service-port exposure, firmware updates, and local administrative access.
Technical summary
The supplied CISA CSAF advisory (ICSA-25-044-09) and Siemens security notice describe a memory corruption flaw in the Linux kernel HID subsystem. The trigger is insertion of a malicious USB device. The CVSS vector provided in the source is CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which indicates the attacker needs physical/local access and some privileges, but the impact can include crash and possible privilege escalation. Siemens lists 19 affected SCALANCE products and recommends updating to V3.0.0 or later.
Defensive priority
Medium: prioritize remediation where affected SCALANCE devices are deployed in sensitive OT environments or where physical USB access cannot be tightly controlled. The attack requires physical/local access, but the potential impact includes device disruption and privilege escalation.
Recommended defensive actions
- Update affected Siemens SCALANCE devices to V3.0.0 or later, per the vendor remediation.
- Inventory deployed SCALANCE models against the advisory's 19 affected product names and verify current versions.
- Restrict physical access to devices and any USB or service interfaces that could be used to insert malicious peripherals.
- Apply OT defense-in-depth practices, including least privilege for local administrative accounts and segmented management access.
- Watch for unexplained crashes or abnormal behavior associated with device insertion events and follow vendor incident-response guidance if observed.
Evidence notes
Primary evidence comes from CISA's CSAF advisory ICSA-25-044-09, published 2025-02-11 and revised 2025-05-06 with typo-only corrections. The advisory names Siemens as vendor, lists 19 affected SCALANCE products, and cites remediation to update to V3.0.0 or later. The source description states the flaw is a Linux kernel HID memory corruption issue triggered by a malicious USB device, with crash and possible privilege-escalation impact. No KEV entry is included in the supplied data.
Official resources
-
CVE-2023-1073 CVE record
CVE.org
-
CVE-2023-1073 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory on 2025-02-11 and issued a revision on 2025-05-06 that fixed typos only.