PatchSiren cyber security CVE debrief
CVE-2023-39193 Siemens CVE debrief
CVE-2023-39193 is a Linux kernel Netfilter flaw that Siemens mapped to multiple SCALANCE WAB/WAM/WUB/WUM product variants in its industrial advisory. The issue can let a local privileged attacker with CAP_NET_ADMIN trigger an out-of-bounds read, which may result in a device crash or limited information disclosure. Siemens’ remediation is to update the affected products to V3.0.0 or later. The advisory was published by CISA on 2025-02-11 and revised on 2025-05-06 for typo fixes only.
- Vendor
- Siemens
- Product
- SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-05-06
Who should care
OT/ICS operators, Siemens SCALANCE device administrators, plant network engineers, and security teams responsible for Linux-based industrial networking equipment should prioritize this advisory, especially where local administrative access exists or devices are exposed to shared management environments.
Technical summary
The underlying flaw is in the Linux kernel Netfilter subsystem: sctp_mt_check did not validate the flag_count field. That validation failure can permit an out-of-bounds read when a privileged local actor with CAP_NET_ADMIN interacts with the affected code path. The published impact is a crash or information disclosure, with a CVSS 3.1 score of 6.1 (MEDIUM). Siemens’ CSAF advisory associates the issue with 19 SCALANCE WAB/WAM/WUB/WUM product variants and recommends upgrading to V3.0.0 or later.
Defensive priority
Medium-High
Recommended defensive actions
- Identify whether any Siemens SCALANCE WAB/WAM/WUB/WUM devices in your environment match the affected product list in the advisory.
- Plan and apply Siemens remediation by updating affected products to V3.0.0 or later.
- Restrict local administrative access and limit who can obtain CAP_NET_ADMIN-equivalent privileges in supporting environments.
- Monitor affected devices for unexpected crashes, reboots, or abnormal logging that could indicate exposure to the flaw.
- Use maintenance windows and change control for firmware updates, and verify device status after remediation.
- Cross-check Siemens’ advisory and CISA CSAF details to confirm the exact product IDs and remediation guidance for your fleet.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory record for ICSA-25-044-09 / CVE-2023-39193, which states the Netfilter sctp_mt_check flag_count validation flaw, the local privileged (CAP_NET_ADMIN) impact, the affected Siemens SCALANCE product set, and the vendor remediation to V3.0.0 or later. The revision history in the source indicates the 2025-05-06 update was a typo fix only.
Official resources
-
CVE-2023-39193 CVE record
CVE.org
-
CVE-2023-39193 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA CSAF advisory for ICSA-25-044-09 on 2025-02-11; the source advisory was revised on 2025-05-06 for typo corrections only.