PatchSiren cyber security CVE debrief
CVE-2023-4921 Siemens CVE debrief
CVE-2023-4921 describes a Linux kernel use-after-free in net/sched: sch_qfq that can be abused for local privilege escalation. In the supplied Siemens/CISA advisory corpus, the issue is tied to multiple Siemens SCALANCE wireless products, with remediation guidance to update to V3.0.0 or later. The advisory was published on 2025-02-11 and later revised on 2025-05-06 for typo fixes.
- Vendor
- Siemens
- Product
- SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-05-06
Who should care
Operators and maintainers of the listed Siemens SCALANCE wireless products, OT/ICS security teams, and Linux kernel platform maintainers responsible for embedded network appliances. This matters most where devices run affected firmware and local access controls are weak or broadly shared.
Technical summary
The source description says the Linux kernel net/sched: sch_qfq component contains a use-after-free that can be triggered when the plug qdisc is used as a class of the qfq qdisc. Packet handling reaches qfq_dequeue(), where the bug arises from sch_plug’s incorrect .peek handler and missing error checking in agg_dequeue(). The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local exploitation with high impact. Siemens’ advisory maps the issue to 19 SCALANCE product entries and recommends updating to V3.0.0 or later.
Defensive priority
High for any environment that deploys the listed Siemens SCALANCE models, especially if local access is possible or firmware versioning is uncertain.
Recommended defensive actions
- Update affected Siemens SCALANCE products to V3.0.0 or later, as directed in the Siemens advisory.
- Inventory the listed SCALANCE models and verify deployed firmware versions against the advisory’s affected-product list.
- Restrict local access paths and administrative exposure on affected devices, since the vulnerability requires local privileges per the supplied CVSS vector.
- Track the Siemens and CISA advisory references for any updated remediation guidance or product-specific notes.
- Apply standard ICS defense-in-depth practices, including segmentation and least-privilege access controls, using the CISA guidance links included in the advisory.
Evidence notes
The supplied source item is the CISA CSAF advisory ICSA-25-044-09 for Siemens SCALANCE W700 IEEE 802.11ax, published 2025-02-11 and revised 2025-05-06 for typo fixes. It lists CVE-2023-4921 and names 19 affected Siemens SCALANCE product variants. The vulnerability text in the source corpus identifies a Linux kernel sch_qfq use-after-free, provides the exploit condition involving plug qdisc and qfq_dequeue(), and recommends upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8; Siemens remediation guidance in the advisory is to update to V3.0.0 or later. The supplied enrichment marks the item as not KEV-listed.
Official resources
-
CVE-2023-4921 CVE record
CVE.org
-
CVE-2023-4921 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
The supplied advisory corpus shows public disclosure on 2025-02-11 via CISA CSAF and Siemens advisory materials, with a revision on 2025-05-06 limited to typo fixes. The supplied enrichment does not identify this CVE as CISA KEV-listed.