PatchSiren

CVE-2023-28319 Siemens CVE debrief

A use-after-free vulnerability in curl/libcurl versions prior to 8.1.0 affects Siemens SIPLUS TIM 1531 IRC and TIM 1531 IRC industrial communication modules. The flaw occurs when libcurl's SSH server public key verification feature fails: memory containing the SHA-256 fingerprint is freed before an error message referencing that memory is returned, potentially leaking sensitive heap data through the error output. This vulnerability carries a HIGH severity CVSS 7.5 score with network attack vector and low attack complexity. Siemens has released firmware version 2.4.8 or later to address this issue in affected products. The vulnerability was published in CISA advisory ICSA-24-165-06 on June 11, 2024, with a subsequent update on July 9, 2024.

Vendor: Siemens
Product: SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0)
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-13
Original CVE updated: 2024-03-12
Advisory published: 2024-02-13
Advisory updated: 2024-03-12

Who should care

Industrial control system operators, OT security teams, Siemens device administrators, and organizations using TIM 1531 IRC modules for industrial communication infrastructure.

Technical summary

The vulnerability exists in libcurl's SSH public key verification implementation. When verifying an SSH server's public key using SHA-256 hash comparison, a failed check triggers memory deallocation of the fingerprint buffer before the error message is constructed. The subsequent error message references this freed memory, creating a use-after-free condition that may incorporate arbitrary heap contents into the error output. This information disclosure vector could expose sensitive data to users or logging systems. The flaw affects curl versions prior to 8.1.0 and is present in Siemens industrial communication modules that incorporate vulnerable curl components.
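The ordering problem described above, shown as an added illustration in C. It is constructed for this debrief and is not libcurl or Siemens code. The function names, the string comparison standing in for the SHA-256 check, and the sample fingerprints are assumptions. The vulnerable ordering is compiled only when SHOW_VULNERABLE is defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not a libcurl function): heap copy of the presented fingerprint. */
static char *dup_fingerprint(const char *observed)
{
    char *p = malloc(strlen(observed) + 1);
    if (p)
        strcpy(p, observed);
    return p;
}

#ifdef SHOW_VULNERABLE /* off by default: reading freed memory is undefined behaviour */
static int check_key_vulnerable(const char *pinned, const char *observed,
                                char *err, size_t errlen)
{
    char *fp = dup_fingerprint(observed);
    if (!fp)
        return -1;
    if (strcmp(fp, pinned) != 0) {
        free(fp);                                              /* released ...  */
        snprintf(err, errlen, "fingerprint mismatch: %s", fp); /* ... then read */
        return -1;
    }
    free(fp);
    return 0;
}
#endif

/* Hardened ordering: format the message while fp is live, release it once. */
static int check_key_fixed(const char *pinned, const char *observed,
                           char *err, size_t errlen)
{
    char *fp = dup_fingerprint(observed);
    err[0] = '\0';
    if (!fp)
        return -1;
    int rc = strcmp(fp, pinned) ? -1 : 0;
    if (rc)
        snprintf(err, errlen, "fingerprint mismatch: %s", fp);
    free(fp); /* single release point, after the last read of fp */
    return rc;
}

int main(void)
{
    char err[96]; /* fingerprints below are constructed placeholders */
    int rc = check_key_fixed("SHA256:AAAA", "SHA256:BBBB", err, sizeof err);
    printf("rc=%d err=\"%s\"\n", rc, err);
    return 0;
}
```

Building with `-DSHOW_VULNERABLE -fsanitize=address` and calling `check_key_vulnerable` on a mismatch makes AddressSanitizer report the heap-use-after-free at the `snprintf` line, which is the kind of check that catches this ordering in custom code.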

Defensive priority

HIGH

Recommended defensive actions

  • Update affected Siemens SIPLUS TIM 1531 IRC and TIM 1531 IRC devices to firmware version 2.4.8 or later
  • Review error handling configurations to minimize exposure of system error messages to untrusted users
  • Apply network segmentation for industrial control systems per CISA recommended practices
  • Monitor for anomalous SSH connection attempts or fingerprint verification failures
  • Validate curl/libcurl component versions in any custom applications using SSH public key verification features

Evidence notes

Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-24-165-06. Vendor fix specified as update to V2.4.8 or later. CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N with exploitability metrics E:P/RL:O/RC:C.

Official resources

2024-06-11