PatchSiren cyber security CVE debrief
CVE-2023-1118 Siemens CVE debrief
CVE-2023-1118 is a high-severity local use-after-free in the Linux kernel’s integrated infrared receiver/transceiver driver. According to the advisory corpus, a local user detaching an rc device could trigger a crash and potentially gain elevated privileges. CISA’s CSAF advisory ties the issue to multiple Siemens SCALANCE W700 IEEE 802.11ax products and points to Siemens’ fix guidance to update to V3.0.0 or later.
- Vendor: Siemens
- Product: SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-02-11
- Advisory updated: 2025-05-06
Who should care
Siemens SCALANCE W700 owners, OT/industrial network operators, asset managers, patch coordinators, and security teams responsible for embedded Linux-based network appliances should prioritize this advisory, especially where local access to affected devices is possible.
Technical summary
The CVE description identifies a use-after-free in the Linux kernel integrated infrared receiver/transceiver driver during user detachment of an rc device. The supplied CSAF advisory maps CVE-2023-1118 to 19 Siemens SCALANCE WAB/WAM/WUB/WUM product variants and recommends updating affected devices to V3.0.0 or later. The reported impact is local denial of service and possible privilege escalation, consistent with the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
High. The flaw is locally exploitable, affects industrial networking products, and the advisory indicates potential privilege escalation in addition to crashes. If any affected SCALANCE devices are deployed, remediation should be scheduled promptly and treated as a priority maintenance item.
Recommended defensive actions
- Inventory Siemens SCALANCE WAB/WAM/WUB/WUM devices and confirm whether any listed model is deployed.
- Check installed firmware/software versions against Siemens advisory SSA-769027 and update affected devices to V3.0.0 or later.
- Restrict local access to affected devices to trusted administrators only until remediation is complete.
- Monitor for unexpected crashes, service interruptions, or abnormal device behavior on affected equipment.
- Use the Siemens and CISA advisory links to verify model-specific remediation guidance before scheduling maintenance.
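The first two actions above (inventory the listed models, then compare installed versions against V3.0.0) are easy to get wrong if firmware versions are compared as strings. Below is an added Python example, not Siemens or CISA code, that triages a constructed inventory against the fix version. Only SCALANCE WAB762-1 is named on this page, so the affected-model set is a placeholder that must be filled from SSA-769027; the hostnames, versions and the second model are constructed sample data.

```python
"""Triage a device inventory against the SSA-769027 fix version (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

FIX_VERSION = "V3.0.0"  # fix version stated in the advisory

# Placeholder: only WAB762-1 is quoted on this page; the other 18 variants
# must be copied from SSA-769027 before this is used for real.
AFFECTED_MODELS = {
    "SCALANCE WAB762-1",
}


@dataclass
class Device:
    hostname: str
    model: str
    version: str  # vendor-formatted string such as "V2.4.0"


_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn 'V3.0.0' into (3, 0, 0); return None for anything unrecognised."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def naive_string_check(version: str, fix_version: str = FIX_VERSION) -> bool:
    """The wrong way: lexicographic comparison ('V10.1.0' < 'V3.0.0' is True)."""
    return version < fix_version


def triage(devices: Iterable[Device],
           affected_models=AFFECTED_MODELS,
           fix_version: str = FIX_VERSION) -> Dict[str, str]:
    """Return {hostname: status}, status being one of:
    'update'        affected model running a version below the fix
    'fixed'         affected model at or above the fix version
    'unparseable'   affected model whose version string could not be read (verify by hand)
    'not-affected'  model not in the affected list
    """
    fix = parse_version(fix_version)
    if fix is None:
        raise ValueError(f"fix version not parseable: {fix_version!r}")
    result: Dict[str, str] = {}
    for d in devices:
        if d.model not in affected_models:
            result[d.hostname] = "not-affected"
            continue
        v = parse_version(d.version)
        if v is None:
            result[d.hostname] = "unparseable"
        elif v < fix:  # tuple comparison is numeric per component
            result[d.hostname] = "update"
        else:
            result[d.hostname] = "fixed"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    Device("ap-hall-01", "SCALANCE WAB762-1", "V2.4.0"),
    Device("ap-hall-02", "SCALANCE WAB762-1", "V3.0.0"),
    Device("ap-hall-03", "SCALANCE WAB762-1", "V10.1.0"),   # string compare would wrongly flag
    Device("ap-yard-01", "SCALANCE WAB762-1", "unknown"),
    Device("sw-core-01", "EXAMPLE-OTHER-MODEL", "V1.0.0"),  # placeholder, not an affected model
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as "unparseable" should be checked manually rather than assumed safe; a version string the script cannot read is more likely a reporting gap than a patched device.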
Evidence notes
Source corpus links the CVE to Siemens via CISA CSAF advisory ICSA-25-044-09 and Siemens product security advisory SSA-769027. The advisory lists 19 affected SCALANCE product variants and a vendor fix of V3.0.0 or later. The CVE was published on 2025-02-11 and the only modification in the provided timeline is a 2025-05-06 revision described as typo fixes. No KEV entry is present in the supplied corpus.
Official resources
- CVE-2023-1118 CVE record (CVE.org)
- CVE-2023-1118 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory date in the supplied corpus: 2025-02-11. The provided revision history shows a follow-up update on 2025-05-06 for typo fixes only. No Known Exploited Vulnerabilities (KEV) listing was supplied.