PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-44320 Siemens CVE debrief

CVE-2023-44320 affects multiple Siemens SCALANCE WAB/WAM/WUB/WUM wireless device variants. According to the advisory, the web interface does not properly validate authentication for certain modification actions, which can let an authenticated attacker influence the user interface configured by an administrator. Siemens and CISA rate the issue as medium severity (CVSS 4.3), and the supplied vector indicates a network-reachable issue with low privileges required and integrity impact only. Siemens recommends updating affected devices to V3.0.0 or later.

Vendor: Siemens
Product: SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-13
Original CVE updated: 2024-02-13
Advisory published: 2024-02-13
Advisory updated: 2024-02-13

Who should care

OT and industrial network teams using Siemens SCALANCE wireless devices, especially administrators who manage the affected devices through the web interface and security teams responsible for plant network segmentation and account controls.

Technical summary

The advisory describes an authentication-validation weakness in the web management interface of 19 Siemens SCALANCE product variants. An authenticated attacker can perform certain modifications that influence administrator-configured UI elements. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, which aligns with a network-accessible management-plane integrity issue rather than a confidentiality or availability problem. The vendor remediation is to upgrade to V3.0.0 or later.

Defensive priority

Medium priority. Treat as a prompt maintenance item for exposed management interfaces, especially where operator-facing UI or device configuration could be altered by a user account with limited privileges.

Recommended defensive actions

  • Update all affected Siemens SCALANCE devices to V3.0.0 or later.
  • Restrict access to the device web interface to trusted administrative networks and accounts.
  • Review recent UI and configuration changes for unauthorized or unexpected modifications.
  • Apply ICS defense-in-depth guidance, including segmentation and least-privilege access to management interfaces.
  • Monitor administrative authentication events and configuration-change logs for suspicious activity.

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-25-044-09 and Siemens advisory SSA-769027, both published on 2025-02-11 and revised on 2025-05-06 for typo fixes only. The source corpus lists 19 affected Siemens product variants and a single vendor remediation: update to V3.0.0 or later. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Official resources

Public advisory disclosure was published on 2025-02-11. The later 2025-05-06 update in the supplied timeline is recorded as a revision for typo fixes, not a new issue date. No KEV listing was provided in the supplied enrichment.