PatchSiren cyber security CVE debrief
CVE-2023-42365 Siemens CVE debrief
CVE-2023-42365 is a BusyBox use-after-free issue in awk.c copyvar triggered by a crafted awk pattern. CISA republished Siemens ProductCERT advisory SSA-089022 as ICSA-26-043-06, tying the issue to Siemens SINEC OS firmware used across several industrial networking products and recommending an update to V3.3 or later. The CVSS vector indicates local access with user interaction, but the impact is high if an affected device is exposed to untrusted users or workflows.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-28
- Original CVE updated: 2026-02-25
- Advisory published: 2026-01-28
- Advisory updated: 2026-02-25
Who should care
OT/ICS operators, plant engineers, and administrators responsible for Siemens SINEC OS-based devices—especially the listed SCALANCE and RUGGEDCOM product families—should review exposure and patch status. Security teams supporting industrial networks should also prioritize any environment where local command execution or user-assisted scripting on these devices is possible.
Technical summary
The source advisory describes a use-after-free vulnerability in BusyBox v1.36.1 within awk.c copyvar, reachable via a crafted awk pattern. The supplied CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects local attack conditions with required user interaction and high confidentiality, integrity, and availability impact. CISA’s republication states that only Siemens SINEC OS firmware is impacted and that affected products should be updated to V3.3 or later.
Defensive priority
High priority for any organization using the affected Siemens firmware, because the vendor has a fix and the impact is high even though the attack requires local access and user interaction. Prioritize internet-exposed or operationally sensitive devices first, then validate firmware versions across the fleet.
Recommended defensive actions
- Inventory Siemens SINEC OS firmware devices and match them against the affected product list in the advisory.
- Update impacted devices to V3.3 or later, as Siemens recommends.
- If immediate patching is not possible, restrict local and interactive access paths and follow CISA ICS defense-in-depth guidance.
- Verify post-maintenance firmware versions and confirm no affected product variants remain in service.
- Review available logging and alerting for unexpected BusyBox/awk-related errors or device instability.
- Use the Siemens and CISA advisories as the authoritative source for product-specific remediation steps and any additional notes.
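As an added example (not code from the advisory, Siemens or CISA), the following script performs the inventory and post-maintenance verification steps above: it compares each device's reported firmware against the V3.3 remediation threshold with numeric (not string) version comparison, so a device on V3.10 is not mistaken for one below V3.3. Hostnames and the inventory rows are constructed; the product name and MLFB are the ones listed on this page.

```python
"""Fleet triage for the V3.3-or-later remediation on SINEC OS devices (added example)."""
import re
from typing import Dict, List, Tuple

FIXED_VERSION = "V3.3"  # remediation version stated in the advisory

# Constructed sample inventory; hostnames and firmware values are hypothetical.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "rst-core-01", "product": "RUGGEDCOM RST2428P", "mlfb": "6GK6242-6PA00", "firmware": "V3.2.1"},
    {"host": "rst-core-02", "product": "RUGGEDCOM RST2428P", "mlfb": "6GK6242-6PA00", "firmware": "V3.3"},
    {"host": "rst-edge-07", "product": "RUGGEDCOM RST2428P", "mlfb": "6GK6242-6PA00", "firmware": "V3.10"},
    {"host": "rst-edge-09", "product": "RUGGEDCOM RST2428P", "mlfb": "6GK6242-6PA00", "firmware": "v3.3.0"},
    {"host": "rst-lab-01", "product": "RUGGEDCOM RST2428P", "mlfb": "6GK6242-6PA00", "firmware": "unknown"},
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'V3.2.1' / 'v3.10' into an integer tuple; raise ValueError if no version is present."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_remediated(firmware: str, fixed: str = FIXED_VERSION) -> bool:
    """True when firmware >= fixed. Components are zero-padded so 'V3.3' equals 'V3.3.0',
    and compared numerically so 'V3.10' ranks above 'V3.3' (a plain string compare would not)."""
    have, need = parse_version(firmware), parse_version(fixed)
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need


def triage(inventory: List[Dict[str, str]], fixed: str = FIXED_VERSION) -> Dict[str, List[str]]:
    """Split hosts into 'patched', 'affected', and 'review' (version missing or unparseable,
    which must be checked by hand rather than silently treated as patched)."""
    result: Dict[str, List[str]] = {"patched": [], "affected": [], "review": []}
    for device in inventory:
        try:
            ok = is_remediated(device["firmware"], fixed)
        except ValueError:
            result["review"].append(device["host"])
            continue
        result["patched" if ok else "affected"].append(device["host"])
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```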
Evidence notes
The source description states: 'A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.' The CISA CSAF metadata identifies the advisory as ICSA-26-043-06 / SSA-089022, lists Siemens product families including RUGGEDCOM RST2428P and SCALANCE variants, and records remediation to update to V3.3 or later for multiple product IDs. The timeline shows publication on 2026-01-28 and a later update on 2026-02-25; the issue should be described using those advisory dates rather than the CVE ID year.
Official resources
- CVE-2023-42365 CVE record (CVE.org)
- CVE-2023-42365 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published ICSA-26-043-06 on 2026-01-28 as a republication of Siemens ProductCERT advisory SSA-089022, with later updates on 2026-02-12, 2026-02-24, and 2026-02-25. The advisory describes CVE-2023-42365 as a BusyBox awk use-after-free,