PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-28484 Siemens CVE debrief

CVE-2023-28484 is an availability-impacting flaw in libxml2 that Siemens maps to multiple SCALANCE W700 products in its 2025 advisory. Parsing certain invalid XSD schemas triggers a NULL pointer dereference that crashes the parsing process, so the impact is denial of service rather than code execution or data exposure; Siemens recommends updating affected products to V3.0.0 or later.

Vendor
Siemens
Product
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2025-02-11
Original CVE updated
2025-05-06
Advisory published
2025-02-11
Advisory updated
2025-05-06

Who should care

Operators of the affected Siemens SCALANCE WAB/WAM/WUB/WUM products, OT/ICS teams responsible for patching those devices and controlling their network exposure, and anyone whose workflows have these devices or the systems around them parse XML Schema (XSD) content from sources they do not control.

Technical summary

The underlying vulnerability is in libxml2 versions before 2.10.4. When certain invalid XSD schemas are parsed, xmlSchemaFixupComplexType in xmlschemas.c dereferences a NULL pointer and the process crashes, resulting in a denial of service. Siemens' CSAF advisory ICSA-25-044-09 lists 19 affected SCALANCE product variants and directs customers to update to V3.0.0 or later. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (6.5 MEDIUM): network-reachable and unauthenticated (AV:N, PR:N), but a user action such as loading or submitting the malformed schema is required (UI:R), and the only rated impact is availability (A:H, with C:N and I:N).

Defensive priority

Medium. The reported impact is loss of availability (a parser crash), not confidentiality or integrity compromise, so the flaw does not call for emergency response on its own. In OT environments availability is often the primary concern, however, so prioritize remediation for affected devices that are operationally critical or reachable from less trusted networks.

Recommended defensive actions

  • Update affected Siemens SCALANCE products to V3.0.0 or later, as directed in the vendor remediation.
  • Inventory deployed SCALANCE WAB/WAM/WUB/WUM models and confirm whether any of the 19 listed product IDs are in use.
  • Review where these devices or connected workflows may process untrusted or externally supplied XML/XSD content, and reduce that exposure where possible until patched.
  • Follow standard ICS defense-in-depth guidance from CISA and Siemens while planning and validating the maintenance window for remediation.
  • Watch for unexpected parser crashes or service restarts on affected equipment until remediation is complete.
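As an added example of the inventory and firmware check in the actions above (this is not PatchSiren's, Siemens' or CISA's code), the following Python script walks a CSAF 2.0 product tree, resolves article numbers to CSAF product IDs, reads the vendor_fix level out of the remediation text and flags inventory rows that run firmware below it. The CSAF excerpt is a constructed document in CSAF 2.0 layout, not the real ICSA-25-044-09 file: only the 6GK5762-1AJ00-6AA0 article number and the V3.0.0 fix level come from the debrief; the CSAFPID identifiers, the second product, the hostnames and all firmware versions are hypothetical. In practice, load the advisory JSON downloaded from CISA's CSAF repository and your own asset export in place of the two constructed objects.

```python
"""Match a device inventory against the affected products in a CSAF 2.0 advisory.

Added example, not PatchSiren's, Siemens' or CISA's code. The CSAF excerpt and the
inventory are constructed: only article number 6GK5762-1AJ00-6AA0 and the V3.0.0 fix
level come from the debrief; CSAFPID-* IDs, the second product, hostnames and all
firmware versions are hypothetical.
"""
import json
import re
from typing import Dict, Iterator, List, Optional, Set, Tuple

Version = Tuple[int, int, int]

# Constructed excerpt in CSAF 2.0 layout (not the real ICSA-25-044-09 file).
CSAF_DOC = json.loads("""
{
 "document": {"title": "Constructed example", "tracking": {"id": "EXAMPLE-0001"}},
 "product_tree": {"branches": [{"category": "vendor", "name": "Siemens", "branches": [
   {"category": "product_name", "name": "SCALANCE WAB762-1", "branches": [
     {"category": "product_version_range", "name": "vers:all/<V3.0.0",
      "product": {"name": "SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)", "product_id": "CSAFPID-0001",
                  "product_identification_helper": {"model_numbers": ["6GK5762-1AJ00-6AA0"]}}}]},
   {"category": "product_name", "name": "EXAMPLE-PRODUCT (hypothetical)", "branches": [
     {"category": "product_version_range", "name": "vers:all/<V3.0.0",
      "product": {"name": "EXAMPLE-PRODUCT (6GK5000-0AA00-0AA0)", "product_id": "CSAFPID-0002",
                  "product_identification_helper": {"model_numbers": ["6GK5000-0AA00-0AA0"]}}}]}
 ]}]},
 "vulnerabilities": [{
   "cve": "CVE-2023-28484",
   "product_status": {"known_affected": ["CSAFPID-0001", "CSAFPID-0002"]},
   "remediations": [{"category": "vendor_fix", "details": "Update to V3.0.0 or later version",
                     "product_ids": ["CSAFPID-0001", "CSAFPID-0002"]}]}]
}
""")

# Constructed inventory rows (hypothetical hosts and firmware levels).
INVENTORY = [
    {"name": "ap-cell-01", "article": "6GK5762-1AJ00-6AA0", "firmware": "V2.3.0"},
    {"name": "ap-cell-02", "article": "6GK5762-1AJ00-6AA0", "firmware": "V3.0.1"},
    {"name": "ap-yard-07", "article": "6GK5000-0AA00-0AA0", "firmware": "unknown"},
    {"name": "sw-core-01", "article": "6GK5999-9ZZ99-9ZZ9", "firmware": "V1.0.0"},
]

def iter_products(node: dict) -> Iterator[dict]:
    """Depth-first walk of product_tree branches, yielding every 'product' object."""
    if "product" in node:
        yield node["product"]
    for child in node.get("branches", []):
        yield from iter_products(child)

def model_index(doc: dict) -> Dict[str, str]:
    """Map each article/model number to its CSAF product_id."""
    return {mn: prod["product_id"]
            for prod in iter_products(doc["product_tree"])
            for mn in prod.get("product_identification_helper", {}).get("model_numbers", [])}

def parse_version(text: str) -> Optional[Version]:
    """Extract a Vx.y.z (or x.y.z) version; None if the text carries no version."""
    m = re.search(r"V?(\d+)\.(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None

def known_affected(doc: dict, cve: str) -> Set[str]:
    """product_ids the advisory marks as known_affected for the given CVE."""
    return {pid for v in doc["vulnerabilities"] if v.get("cve") == cve
            for pid in v.get("product_status", {}).get("known_affected", [])}

def fixed_versions(doc: dict, cve: str) -> Dict[str, Version]:
    """product_id -> fix level parsed from the vendor_fix remediation text."""
    fixes: Dict[str, Version] = {}
    for v in doc["vulnerabilities"]:
        if v.get("cve") != cve:
            continue
        for rem in v.get("remediations", []):
            ver = parse_version(rem.get("details", ""))
            if rem.get("category") == "vendor_fix" and ver is not None:
                for pid in rem.get("product_ids", []):
                    fixes[pid] = ver
    return fixes

def assess(doc: dict, cve: str, inventory: List[dict]) -> List[Tuple[str, str, str]]:
    """Return (asset, article, status) for each inventory row."""
    idx, affected, fixes = model_index(doc), known_affected(doc, cve), fixed_versions(doc, cve)
    out = []
    for row in inventory:
        pid = idx.get(row["article"])
        if pid is None or pid not in affected:
            status = "not listed"
        else:
            fw, fix = parse_version(row["firmware"]), fixes.get(pid)
            if fw is None or fix is None:
                status = "affected; version unknown, verify manually"
            elif fw < fix:  # tuple comparison: (2, 3, 0) < (3, 0, 0)
                status = "affected; update to V%d.%d.%d or later" % fix
            else:
                status = "affected product, already at fixed version"
        out.append((row["name"], row["article"], status))
    return out

if __name__ == "__main__":
    for asset, article, status in assess(CSAF_DOC, "CVE-2023-28484", INVENTORY):
        print(f"{asset:12} {article:20} {status}")
```

The script expects the article number in product_identification_helper.model_numbers; if an advisory carries it only inside the product name, as the name field above also does, extend model_index to parse it from there. Feed it firmware versions read from the running device, not from purchase or CMDB records, and treat every "verify manually" row as affected until proven otherwise.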

Evidence notes

The assessment is based on the supplied CISA CSAF advisory ICSA-25-044-09, Siemens’ referenced advisory materials, and the CVE description. The corpus states that CVE-2023-28484 affects libxml2 before 2.10.4 and that Siemens maps it to 19 SCALANCE product variants, with remediation to V3.0.0 or later. The supplied timeline shows the advisory was published on 2025-02-11 and revised on 2025-05-06 for typo fixes; no KEV entry or ransomware campaign use is present in the supplied corpus.

Official resources

CISA published the supplied advisory on 2025-02-11 and later revised it on 2025-05-06 for typo fixes; these dates describe advisory publication and revision, not the original software issue date.