PatchSiren cyber security CVE debrief
CVE-2023-26553 Siemens CVE debrief
CVE-2023-26553 is a medium-severity out-of-bounds write vulnerability in the Network Time Protocol (NTP) reference implementation, specifically affecting the mstolfp function in libntp/mstolfp.c within NTP 4.2.8p15. The vulnerability occurs when copying trailing numbers, potentially allowing an adversary to attack a client ntpq process. Notably, the ntpd daemon itself is not affected by this vulnerability. The issue was published on June 11, 2024, and affects Siemens SITOP UPS1600 industrial power supply units with Ethernet/PROFINET interfaces, including multiple variants (10A, 20A, 40A, and EX 20A models). Siemens has released firmware version 2.5.4 or later to address this vulnerability. The CVSS 3.1 score of 5.6 reflects network attack vector with high attack complexity, requiring no privileges or user interaction, with low impacts to confidentiality, integrity, and availability. Organizations should prioritize updating affected Siemens devices and review network segmentation for NTP client processes.
- Vendor
- Siemens
- Product
- SITOP UPS1600 10 A Ethernet/ PROFINET (6EP4134-3AB00-2AY0)
- CVSS
- MEDIUM 5.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-11
- Original CVE updated
- 2024-06-11
- Advisory published
- 2024-06-11
- Advisory updated
- 2024-06-11
Who should care
Organizations operating Siemens SITOP UPS1600 industrial power supplies in manufacturing, critical infrastructure, and industrial automation environments. Security teams managing NTP infrastructure in OT/ICS networks. Asset owners responsible for maintaining firmware currency in industrial control systems.
Technical summary
The mstolfp function in libntp/mstolfp.c within NTP 4.2.8p15 contains an out-of-bounds write vulnerability triggered when copying trailing numbers. This affects only the client-side ntpq utility, not the ntpd server daemon. The vulnerability is exploitable over the network with high attack complexity, requiring no authentication or user interaction. Siemens SITOP UPS1600 industrial power supply units with Ethernet/PROFINET interfaces are affected, with remediation available through firmware update to version 2.5.4 or later.
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens SITOP UPS1600 devices to firmware version 2.5.4 or later
- Verify NTP client process isolation and network segmentation in industrial environments
- Monitor for anomalous ntpq process behavior on systems using NTP 4.2.8p15
- Review CISA ICS recommended practices for defense-in-depth strategies
- Apply principle of least privilege to NTP client configurations
- Consider network-level controls to restrict unauthorized NTP query access
Evidence notes
Vulnerability affects client ntpq process only, not ntpd daemon. Siemens has confirmed affected product models and provided specific firmware remediation. CISA ICS advisory ICSA-24-165-05 provides official government guidance for industrial control system environments.
Official resources
-
CVE-2023-26553 CVE record
CVE.org
-
CVE-2023-26553 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
published