PatchSiren cyber security CVE debrief

CVE-2023-42364 Siemens CVE debrief

CVE-2023-42364 is a BusyBox use-after-free issue tied to awk pattern handling that can crash affected Siemens industrial devices and cause denial of service. CISA’s CSAF advisory for Siemens was published on 2026-01-28 and updated through 2026-02-25; the cited remediation is to move to V3.3 or later where applicable.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-28
Original CVE updated: 2026-02-25
Advisory published: 2026-01-28
Advisory updated: 2026-02-25

Who should care

Operators and maintainers of Siemens industrial network equipment and related OT environments that include the affected SINEC OS firmware or product builds identified in the advisory, especially where BusyBox-based command-line processing may be exposed to trusted users or maintenance workflows.

Technical summary

The advisory describes a use-after-free in BusyBox v1.36.1, specifically in the evaluate function of awk.c, triggered when a crafted awk pattern is processed. The provided CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) indicates local exploitability with no privileges but user interaction required, no confidentiality or integrity impact, and a high availability impact, which aligns with denial-of-service behavior rather than code execution.

Defensive priority

Medium. The issue is not rated critical, but it can still disrupt availability in industrial environments. Prioritize if the affected Siemens device is operationally important, difficult to service, or exposed to interactive/local maintenance paths.

Recommended defensive actions

  • Apply Siemens guidance to update affected products to V3.3 or later, using the vendor remediation linked in the advisory.
  • Confirm whether the specific device model and firmware branch in your environment actually uses the affected SINEC OS firmware before scheduling change windows.
  • Restrict and monitor local shell or maintenance access on affected systems, since the CVSS vector requires local access and user interaction.
  • Validate availability of rollback and recovery procedures before maintenance, especially for OT assets where downtime is costly.
  • Track the Siemens/CISA advisory updates and re-check affected product mappings after any further republication or revision.
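The checklist above is the kind of thing that ends up as an inventory pass. The following is an added example (not PatchSiren's, Siemens' or CISA's tooling) that triages a constructed device inventory against the advisory's "V3.3 or later" remediation and raises priority for devices with an interactive/local maintenance path, as the "Defensive priority" section suggests. The product name and fixed version come from the advisory; the Device fields, the local_access flag and all inventory rows are assumptions constructed for the example. It also compares versions numerically, because a plain string comparison would rank a hypothetical "V3.10" below "V3.3".

```python
"""Triage a device inventory against the advisory's remediation threshold.

Added example for the PatchSiren debrief; not vendor or CISA code.
Only AFFECTED_PRODUCT and FIXED_VERSION are taken from the advisory;
the inventory below is constructed.
"""
import re
from dataclasses import dataclass

AFFECTED_PRODUCT = "RUGGEDCOM RST2428P"   # product named in the advisory
FIXED_VERSION = "V3.3"                    # "update to V3.3 or later"


def parse_version(text: str) -> tuple:
    """Turn 'V3.3', 'v3.2.1' or '3.10' into a tuple of ints so that
    comparisons are numeric: (3, 10) > (3, 3), unlike the strings."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_remediated(version: str) -> bool:
    """True if the firmware is at or above the advisory's fixed version."""
    return parse_version(version) >= parse_version(FIXED_VERSION)


@dataclass
class Device:
    name: str
    product: str
    firmware: str
    local_access: bool   # assumption: an interactive/local maintenance path exists


def triage(devices):
    """Return (name, firmware, priority) for devices still on an affected build.

    Priority follows the debrief's 'Defensive priority' text: local or
    interactive maintenance exposure raises an otherwise medium finding to high.
    """
    findings = []
    for d in devices:
        if d.product != AFFECTED_PRODUCT or is_remediated(d.firmware):
            continue
        priority = "high" if d.local_access else "medium"
        findings.append((d.name, d.firmware, priority))
    return findings


# Constructed sample inventory; these are not real assets.
SAMPLE_INVENTORY = [
    Device("sw-plant-01", AFFECTED_PRODUCT, "V3.2", True),
    Device("sw-plant-02", AFFECTED_PRODUCT, "V3.3", True),
    Device("sw-plant-03", AFFECTED_PRODUCT, "V3.10", False),
    Device("sw-plant-04", AFFECTED_PRODUCT, "V3.1.2", False),
    Device("sw-other-01", "OTHER-MODEL", "V2.0", True),
]

if __name__ == "__main__":
    for name, fw, prio in triage(SAMPLE_INVENTORY):
        print(f"{name}: firmware {fw} below {FIXED_VERSION}, priority {prio}")
```

The product match here is exact by design; the second checklist item (confirm the device really runs the affected firmware branch) is a human check that this script does not replace.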

Evidence notes

All core facts come from the supplied CISA CSAF source item and its references: the description states a BusyBox v1.36.1 use-after-free in the awk.c evaluate function causing denial of service, and the CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The source metadata also records publication on 2026-01-28 and a latest update on 2026-02-25; these should be treated as advisory timing only, not as the vulnerability's origin date.

Official resources

Publicly disclosed through CISA’s republished Siemens CSAF advisory on 2026-01-28, with subsequent advisory updates recorded through 2026-02-25. The issue is not listed as a CISA Known Exploited Vulnerability in the supplied data.