PatchSiren

CVE-2023-28578 Siemens CVE debrief

CVE-2023-28578 is a critical memory-corruption vulnerability in the Core Services component of the chipset software shipped in multiple Siemens SCALANCE W700 device models (the CVE was originally issued for Qualcomm chipset software; Siemens tracks it for SCALANCE W700 in advisory SSA-769027). Siemens and CISA describe the issue as memory corruption while executing the command for removing a single event listener. The advisory assigns a CVSS v3.1 base score of 9.3 (Critical), and the fix is to update affected products to firmware V3.0.0 or later.

Vendor
Siemens
Product
SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), one of 19 affected SCALANCE W700 variants listed in the advisory
CVSS
CRITICAL 9.3
CISA KEV
Not listed (per the stored enrichment at the time of writing)
Original CVE published
2025-02-11
Original CVE updated
2025-05-06
Advisory published
2025-02-11
Advisory updated
2025-05-06

Who should care

OT and industrial network teams running Siemens SCALANCE W700 wireless devices (WAB/WAM/WUB/WUM models), especially operators, asset owners, and maintainers responsible for device firmware and for who can reach the devices' local and management interfaces.

Technical summary

The advisory states that Core Services can experience memory corruption when executing the command used to remove a single event listener. The supplied CVSS v3.1 vector is AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H: the attacker needs local access to the device (AV:L) but no privileges (PR:N) and no user interaction (UI:N), exploitation is low-complexity (AC:L), and a successful exploit crosses a security boundary (S:C) with full loss of confidentiality, integrity, and availability. In practice, any foothold on the device, however limited, can be escalated to complete compromise. The affected product set spans 19 Siemens SCALANCE device variants listed in the CSAF advisory.

Defensive priority

Critical. Treat as a high-priority remediation for affected deployments: the issue is scored 9.3/Critical, the vector requires no privileges once local access to the device is obtained, and the vendor provides a firmware update path (V3.0.0 or later) for all listed products.

Recommended defensive actions

  • Update affected Siemens SCALANCE W700 devices to firmware V3.0.0 or later, per the vendor remediation guidance, and confirm the running version on each unit after the update.
  • Inventory SCALANCE WAB/WAM/WUB/WUM models and match deployed article numbers against the 19 product IDs in the CSAF advisory; treat any listed unit whose firmware version cannot be determined as unpatched until verified.
  • Until patching is complete, restrict and monitor the local and administrative access paths (management interfaces, physical ports, and any software that runs on the device) through which an attacker could reach the vulnerable code, since the vector requires local access (AV:L).
  • Schedule firmware updates during a controlled maintenance window; take a configuration backup and confirm a rollback path before changing production access points.
  • Review the Siemens and CISA advisory references for model-specific guidance and any additional operational notes.
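The inventory step above is the one most often done by hand. The following added example (not code from the advisory, CISA, or Siemens) shows how to reconcile an asset inventory against the advisory's CSAF 2.0 document mechanically: it walks the `product_tree`, keeps only products marked `known_affected` for CVE-2023-28578, extracts the article number from the product name, and classifies each inventoried device as affected, patched, not listed, or unknown version. The CSAF fragment and the inventory are constructed for the example (only the WAB762-1 article number 6GK5762-1AJ00-6AA0 and the V3.0.0 fix version come from the debrief); in real use you would load the ICSA-25-044-09 / SSA-769027 CSAF JSON and an export from your asset database.

```python
"""Added example (not from the advisory): triage a device inventory against a
CSAF 2.0 advisory. CSAF_DOC and INVENTORY below are constructed sample data that
mimic the CSAF field layout (product_tree.branches[...].product,
vulnerabilities[].product_status.known_affected); they are not the real advisory."""
import re

FIXED_VERSION = "V3.0.0"  # from the advisory: update to V3.0.0 or later

# Constructed CSAF-shaped fragment. Product names follow the "<model> (<article no>)"
# pattern seen in the debrief; CSAFPID-0002 is a placeholder product that is in the
# tree but NOT marked affected, to show the known_affected filter doing its job.
CSAF_DOC = {
    "product_tree": {
        "branches": [{
            "category": "vendor", "name": "Siemens",
            "branches": [
                {"category": "product_name", "name": "SCALANCE WAB762-1",
                 "product": {"name": "SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)",
                             "product_id": "CSAFPID-0001"}},
                {"category": "product_name", "name": "Example device",
                 "product": {"name": "Example device (EXAMPLE-0002)",
                             "product_id": "CSAFPID-0002"}},
            ],
        }],
    },
    "vulnerabilities": [{
        "cve": "CVE-2023-28578",
        "product_status": {"known_affected": ["CSAFPID-0001"]},
    }],
}

# Constructed inventory export: hostname, article number (MLFB), firmware string.
INVENTORY = [
    {"host": "ap-hall1", "mlfb": "6GK5762-1AJ00-6AA0", "firmware": "V2.3.1"},
    {"host": "ap-hall2", "mlfb": "6GK5762-1AJ00-6AA0", "firmware": "V3.0.0"},
    {"host": "sw-core",  "mlfb": "EXAMPLE-0002",       "firmware": "V4.5"},
    {"host": "ap-old",   "mlfb": "6GK5762-1AJ00-6AA0", "firmware": ""},
]


def _walk(branch: dict, out: dict) -> None:
    """Depth-first walk of CSAF product_tree branches collecting product_id -> name."""
    prod = branch.get("product")
    if prod:
        out[prod["product_id"]] = prod["name"]
    for child in branch.get("branches", []):
        _walk(child, out)


def affected_products(doc: dict) -> dict:
    """Map article number -> product name for every product marked known_affected."""
    names: dict = {}
    for branch in doc.get("product_tree", {}).get("branches", []):
        _walk(branch, names)
    affected_ids: set = set()
    for vuln in doc.get("vulnerabilities", []):
        affected_ids.update(vuln.get("product_status", {}).get("known_affected", []))
    result = {}
    for pid in affected_ids:
        m = re.search(r"\(([0-9A-Z-]+)\)\s*$", names.get(pid, ""))
        if m:
            result[m.group(1)] = names[pid]
    return result


def parse_version(s: str):
    """'V3.0.0', 'v3.0' or '3.0.0' -> tuple of ints; None if empty or unparseable."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", s or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(device: dict, affected: dict, fixed: str = FIXED_VERSION) -> str:
    """Classify one inventory row relative to the advisory's affected set and fix version."""
    if device["mlfb"] not in affected:
        return "not_listed"
    ver, fix = parse_version(device["firmware"]), parse_version(fixed)
    if ver is None:
        return "unknown_version"  # treat as unpatched until verified
    n = max(len(ver), len(fix))  # pad so that (3, 0) compares equal to (3, 0, 0)
    ver, fix = ver + (0,) * (n - len(ver)), fix + (0,) * (n - len(fix))
    return "patched" if ver >= fix else "affected"


def triage(inventory: list, doc: dict) -> dict:
    """hostname -> status for every device in the inventory."""
    affected = affected_products(doc)
    return {d["host"]: classify(d, affected) for d in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY, CSAF_DOC).items():
        print(f"{host:10} {status}")
```

Devices that come back as `affected` or `unknown_version` are the ones to schedule for the V3.0.0 update; the `unknown_version` bucket is deliberate, because an inventory gap is not evidence of a patched device.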

Evidence notes

Source corpus points to the CISA CSAF advisory ICSA-25-044-09 and Siemens advisory SSA-769027. The source item was published on 2025-02-11 and revised on 2025-05-06 for typo fixes only. The advisory names 19 affected Siemens SCALANCE product variants and recommends upgrading to V3.0.0 or later. The supplied enrichment indicates no KEV listing and no known ransomware campaign use.

Official resources

Publicly disclosed in the supplied CISA/Siemens sources on 2025-02-11, with a 2025-05-06 revision noted as typo fixes only. Primary references: CISA ICS advisory ICSA-25-044-09 and Siemens ProductCERT advisory SSA-769027.