PatchSiren cyber security CVE debrief
CVE-2023-29469 Siemens CVE debrief
CVE-2023-29469 is a libxml2 vulnerability that Siemens mapped to multiple SCALANCE W700 products in its advisory. A crafted XML document can trigger nondeterministic hash behavior when empty dictionary strings are processed, which can lead to logic failures and memory errors such as a double free. Siemens’ advisory identifies 19 affected SCALANCE models and directs customers to update to V3.0.0 or later. For OT and network teams, this is primarily a stability and availability issue, but memory corruption also raises security concern in any environment that parses untrusted XML.
- Vendor
- Siemens
- Product
- SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-11
- Original CVE updated
- 2024-06-11
- Advisory published
- 2024-06-11
- Advisory updated
- 2024-06-11
Who should care
Siemens SCALANCE WAB/WAM/WUB/WUM operators, OT/ICS administrators, network security teams supporting industrial wireless infrastructure, and vulnerability management teams responsible for embedded Linux or XML-parsing components in deployed appliances.
Technical summary
The underlying issue is in libxml2 before 2.10.4. When xmlDictComputeFastKey in dict.c hashes empty dict strings from a crafted XML document, it can use the first byte of an empty string in a way that is not deterministic, producing arbitrary values instead of only '\0'. Siemens’ CSAF advisory ties this upstream flaw to multiple SCALANCE W700 device models. The stated impact is logic and memory errors, including double free, and the supplied CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, and high availability impact.
Defensive priority
Medium
Recommended defensive actions
- Update affected Siemens SCALANCE products to V3.0.0 or later as directed in the Siemens advisory.
- Inventory the listed SCALANCE models to confirm whether any affected product IDs are deployed.
- Prioritize remediation for systems that process XML from external or semi-trusted sources.
- Validate firmware/software versions after maintenance to confirm the fixed release is installed.
- Monitor affected devices for crashes, restarts, or other instability that could indicate exposure to the flaw.
- Use Siemens and CISA industrial control system hardening guidance to reduce exposure while remediation is planned.
Evidence notes
The supplied Siemens CSAF advisory and CISA source item both describe the libxml2 issue, the affected SCALANCE product list, and the remediation to update to V3.0.0 or later. The source corpus does not indicate KEV listing or ransomware association. Timing in this brief follows the supplied CVE/source publication date of 2025-02-11 and revision date of 2025-05-06; these are advisory dates, not the original upstream bug date.
Official resources
-
CVE-2023-29469 CVE record
CVE.org
-
CVE-2023-29469 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Published by the source advisory on 2025-02-11; revised 2025-05-06 for typo fixes. The brief uses those supplied dates for context and does not treat them as the original vulnerability introduction date.