PatchSiren cyber security CVE debrief
CVE-2023-44373 Siemens CVE debrief
CVE-2023-44373 affects multiple Siemens SCALANCE W7xx industrial wireless devices that do not properly sanitize an input field. According to the advisory, an authenticated remote attacker with administrative privileges could inject code or spawn a system root shell. The issue is described as a follow-up to CVE-2022-36323 and is rated critical.
- Vendor
- Siemens
- Product
- SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0)
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-14
- Original CVE updated
- 2026-04-21
- Advisory published
- 2026-04-14
- Advisory updated
- 2026-04-21
Who should care
OT and industrial network operators using the listed Siemens SCALANCE W721-1, W722-1, W734-1, W738-1, W748-1, W761-1, W774-1, W778-1, W786-1, W786-2, and W788-1/W788-2 variants, especially teams that expose administrative management access remotely.
Technical summary
The supplied CSAF advisory says affected devices do not properly sanitize an input field, creating an input-validation weakness that can be abused by an authenticated remote attacker with administrative privileges. The stated impact is code injection or spawning a system root shell. The advisory’s CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, and the vendor remediation is to update to V6.6.0 or later.
Defensive priority
Immediate. Although the attack requires authenticated administrative access, the impact is severe: potential code execution and root shell access on operational devices. Prioritize patching, validate which assets are on versions earlier than V6.6.0, and reduce exposure of administrative interfaces until remediation is complete.
Recommended defensive actions
- Update affected Siemens SCALANCE devices to V6.6.0 or later, as directed in the vendor remediation guidance.
- Inventory all listed SCALANCE W7xx devices and confirm whether any are running versions earlier than 6.6.0.
- Restrict and monitor administrative access to these devices, especially any remote management paths, until patching is complete.
- Apply industrial control system defense-in-depth practices such as segmentation and least-privilege access around the management plane.
- Review logs for unexpected administrative activity or suspicious configuration changes on affected devices.
Evidence notes
All factual claims here are drawn from the supplied CISA CSAF source item ICSA-26-111-07 and the referenced Siemens ProductCERT advisory SSA-019200. The source states the flaw is an input-sanitization issue that may allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell, and it recommends updating to V6.6.0 or later. The provided metadata also identifies the issue as a follow-up to CVE-2022-36323. No KEV entry was supplied.
Official resources
-
CVE-2023-44373 CVE record
CVE.org
-
CVE-2023-44373 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Use 2026-04-14 as the public advisory date, matching the supplied CVE/source publication timestamp. The source was modified on 2026-04-21, which the timeline identifies as the initial CISA republication of Siemens ProductCERT advisory SSA--