PatchSiren cyber security CVE debrief
CVE-2023-1670 Siemens CVE debrief
CVE-2023-1670 is a HIGH-severity use-after-free described in the supplied advisory corpus as affecting Siemens SCALANCE product variants listed in the CISA/Siemens advisory chain. The source material says a local user could crash the system or potentially escalate privileges, and Siemens recommends updating affected products to V3.0.0 or later. The supplied record was published on 2025-02-11 and revised on 2025-05-06 for typo fixes.
- Vendor
- Siemens
- Product
- SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-05-06
Who should care
OT/ICS operators using the listed Siemens SCALANCE WAB/WAM/WUB/WUM devices, plus plant engineers, patch managers, and security teams responsible for local access controls and maintenance windows.
Technical summary
The supplied CVE description characterizes CVE-2023-1670 as a Linux kernel use-after-free in the Xircom 16-bit PCMCIA Ethernet driver, with impact limited to local attackers but including possible system crash and privilege escalation. The advisory corpus also maps the issue to 19 Siemens SCALANCE product variants and provides a vendor remediation path to V3.0.0 or later. The CVSS vector in the source is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which aligns with a locally exploitable issue that can still have high confidentiality, integrity, and availability impact.
Defensive priority
High priority for affected Siemens SCALANCE deployments. Even though exploitation is local, the combination of possible privilege escalation, system crash risk, and the availability of a vendor fix makes prompt remediation important.
Recommended defensive actions
- Inventory Siemens SCALANCE devices and confirm whether any of the 19 product variants listed in the advisory are present.
- Plan and apply the Siemens-recommended update to V3.0.0 or later for affected products.
- Restrict local access to affected systems and review who has shell, console, or administrative access.
- Use maintenance windows and change control appropriate for OT environments before deploying firmware or software updates.
- Follow CISA industrial control system defense-in-depth guidance while remediation is pending.
Evidence notes
This debrief is grounded in the supplied CISA CSAF source item ICSA-25-044-09 and its Siemens references. The source corpus contains a notable context mismatch: the advisory title is about Siemens SCALANCE W700 IEEE 802.11ax, while the vulnerability description text references a Linux kernel Xircom 16-bit PCMCIA Ethernet driver use-after-free. Because the task requires using only the supplied corpus, the debrief reflects the advisory mapping and remediation exactly as provided. No KEV listing was supplied for this CVE.
Official resources
-
CVE-2023-1670 CVE record
CVE.org
-
CVE-2023-1670 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published in the supplied CISA CSAF source on 2025-02-11 and revised on 2025-05-06 for typo fixes. The supplied enrichment does not list this CVE in CISA KEV.