PatchSiren cyber security CVE debrief
CVE-2023-39192 Siemens CVE debrief
CVE-2023-39192 is a Linux kernel Netfilter flaw in the xt_u32 module that can let a local privileged attacker trigger an out-of-bounds read, which may result in a crash or information disclosure. In Siemens’ advisory for SCALANCE W700 IEEE 802.11ax, the issue affects 19 SCALANCE wireless products and is addressed by updating to V3.0.0 or later. CISA published the advisory on 2025-02-11 and later revised it on 2025-05-06 for typo fixes only.
- Vendor
- Siemens
- Product
- SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS
- MEDIUM 6.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-05-06
Who should care
Operators, integrators, and maintainers of the affected Siemens SCALANCE WAB/WAM/WUB/WUM devices should care, especially environments that rely on Linux-based device software and have privileged local access paths. OT teams should prioritize this if any affected product is deployed in production networks or remote management workflows.
Technical summary
The vulnerability is an out-of-bounds read in the Linux kernel Netfilter xt_u32 module caused by insufficient validation of fields in the xt_u32 structure. According to the advisory, a local privileged attacker can set size fields beyond array boundaries, which can crash the device or expose information. The reported CVSS v3.1 vector is AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L, matching a medium-severity issue with elevated privileges required.
Defensive priority
Medium. The exploitability is limited by the local privileged prerequisite, but the impact can include information disclosure and service disruption in OT devices. Prioritize remediation during the next maintenance window for exposed or production SCALANCE systems.
Recommended defensive actions
- Upgrade affected Siemens SCALANCE products to V3.0.0 or later, per the vendor remediation guidance.
- Identify all deployed instances of the 19 affected SCALANCE product variants listed in the advisory and confirm firmware/software versions.
- Limit privileged local access on affected devices and review administrative account exposure until patching is complete.
- Validate the remediation against Siemens’ advisory and maintenance guidance before deploying in production OT environments.
- Use defense-in-depth and ICS hardening practices from CISA while remediation is planned.
Evidence notes
Source material identifies CVE-2023-39192 as a Linux kernel Netfilter xt_u32 validation flaw causing out-of-bounds read, crash, or information disclosure. Siemens’ advisory covers 19 SCALANCE product variants and recommends updating to V3.0.0 or later. The CISA CSAF source was published on 2025-02-11 and revised on 2025-05-06 with revision history stating the update fixed typos. No KEV entry or ransomware linkage was provided in the supplied corpus.
Official resources
-
CVE-2023-39192 CVE record
CVE.org
-
CVE-2023-39192 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory published by CISA on 2025-02-11, with a later revision on 2025-05-06 limited to typo corrections. The source corpus does not indicate known exploitation in the wild, a KEV listing, or ransomware campaign use.