PatchSiren

CVE-2023-2194 Siemens CVE debrief

CVE-2023-2194 is an out-of-bounds write in the Linux kernel SLIMpro I2C device driver as exposed in Siemens SCALANCE W700 wireless products. According to the advisory, a userspace value, data->block[0], was not constrained to 0-255 and was used as the length for memcpy, which could write past the end of dma_buffer. Siemens and CISA describe the impact as a possible local crash and, in the worst case, code execution by a local privileged user. Siemens provides a fixed release, and CISA published the advisory on 2025-02-11 with a later typo-only revision on 2025-05-06.

Vendor: Siemens
Product: SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
CVSS: MEDIUM 6.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-02-11
Original CVE updated: 2025-05-06
Advisory published: 2025-02-11
Advisory updated: 2025-05-06

Who should care

Operators, administrators, and support teams responsible for the affected Siemens SCALANCE WAB/WAM/WUB/WUM wireless devices should prioritize this issue, especially in industrial and OT environments where privileged local access may exist.

Technical summary

The flaw is a bounds-checking failure in the Linux kernel SLIMpro I2C driver. A userspace-controlled byte, data->block[0], was not limited to the expected 0-255 range before being used as the size argument to memcpy. That can produce an out-of-bounds write beyond dma_buffer. The advisory rates the issue CVSS 3.1 6.7/Medium with local attack vector, high privileges required, and high integrity/availability impact.
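
The missing check described above, as an added example that is not code from the advisory, the Linux kernel or Siemens: a userspace C model in which a caller-supplied length byte is the copy size into a fixed buffer. The 32-byte buffer size (the SMBus block maximum), the payload layout and every `model_*` name are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the staging buffer holds one SMBus block (at most 32 bytes). */
#define MODEL_BLOCK_MAX 32

struct model_ctx {
    uint8_t dma_buffer[MODEL_BLOCK_MAX];
    uint8_t guard[8]; /* stands in for whatever memory follows the buffer */
};

/* Bytes an unchecked memcpy(dma_buffer, &block[1], block[0]) would write
 * past dma_buffer. Computed only; the overflowing copy is never run. */
size_t model_unchecked_overrun(const uint8_t *block)
{
    size_t len = block[0];
    return len > MODEL_BLOCK_MAX ? len - MODEL_BLOCK_MAX : 0;
}

/* Hardened write path: reject the caller-supplied length before copying. */
int model_block_write(struct model_ctx *ctx, const uint8_t *block)
{
    if (block[0] > MODEL_BLOCK_MAX)
        return -EINVAL;
    memcpy(ctx->dma_buffer, &block[1], block[0]);
    return 0;
}

int main(void)
{
    struct model_ctx ctx;
    uint8_t block[256];            /* constructed input: length byte + payload */
    const uint8_t lens[] = { 0, 32, 33, 255 };

    memset(block, 0x5C, sizeof block);
    for (size_t i = 0; i < sizeof lens; i++) {
        memset(&ctx, 0xAA, sizeof ctx);
        block[0] = lens[i];
        int rc = model_block_write(&ctx, block);
        printf("len=%3u unchecked overrun=%3zu checked rc=%d guard %s\n",
               (unsigned)block[0], model_unchecked_overrun(block), rc,
               ctx.guard[0] == 0xAA ? "intact" : "CORRUPTED");
    }
    return 0;
}
```

A length byte can hold any value up to 255, so the check has to compare it against the destination buffer's capacity rather than rely on the field's type.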

Defensive priority

High for exposed affected assets. The attack requires local privileged access, but the consequence is memory corruption with potential system crash or code execution, and vendor remediation is available.

Recommended defensive actions

  • Update affected Siemens products to V3.0.0 or later, per the vendor remediation guidance.
  • Inventory the listed SCALANCE models to confirm whether any affected product IDs are deployed.
  • Limit and monitor privileged local access on affected devices until remediation is complete.
  • Apply changes during a maintenance window and verify device stability after updating.
  • Use established ICS defense-in-depth and segmentation practices to reduce the impact of local compromise.

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-044-09 and the linked Siemens advisory materials. The source text states the vulnerability is an out-of-bounds write in the Linux kernel SLIMpro I2C driver, caused by an uncapped data->block[0] value used in memcpy, with possible crash or code execution. The advisory publication date used here is 2025-02-11, and the 2025-05-06 revision is described as typo fixes only.

Official resources

CISA published the advisory on 2025-02-11 and later revised it on 2025-05-06 for typo corrections. The underlying CVE is CVE-2023-2194.