PatchSiren

CVE-2023-52425 Siemens CVE debrief

CVE-2023-52425 is a denial-of-service vulnerability in libexpat through version 2.5.0, caused by excessive resource consumption when processing large tokens requiring multiple buffer fills and repeated full reparsings. The vulnerability was published on August 13, 2024, with a CVSS 3.1 score of 7.5 (HIGH). Siemens SINEC NMS is affected, with remediation available by updating to version 3.0 or later. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Siemens
Product: SINEC NMS
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-08-13
Original CVE updated: 2024-08-13
Advisory published: 2024-08-13
Advisory updated: 2024-08-13

Who should care

Organizations running Siemens SINEC NMS, developers using libexpat for XML parsing in network-accessible applications, and operators of industrial control systems that may process untrusted XML input should prioritize remediation.

Technical summary

The vulnerability exists in libexpat's handling of large tokens that require multiple buffer fills. Each time the buffer is refilled before the token is complete, the parser reparses the token from its start, so a single large token triggers many full reparsings, leading to excessive resource consumption and potential denial of service. The vulnerability is exploitable over the network, with low attack complexity and no authentication required.

Defensive priority

HIGH

Recommended defensive actions

  • Update Siemens SINEC NMS to version 3.0 or later per vendor guidance
  • Review XML parsing implementations for libexpat usage and upgrade to patched versions
  • Monitor network-accessible services that may parse untrusted XML input
  • Apply defense-in-depth controls for industrial control systems per CISA recommended practices
  • Validate input size limits for XML documents processed by affected systems
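
An added example for the libexpat review and input size actions above (not code from the advisory, Siemens, or libexpat): it reads the libexpat version linked into a Python runtime through `pyexpat.EXPAT_VERSION`, flags versions in the "through 2.5.0" range, and rejects oversized documents before they reach the parser. The 1 MiB cap, the function names, and the sample document are assumptions made for illustration.

```python
"""Check the linked libexpat version and cap XML input size before parsing."""
import re
import pyexpat

# The advisory text states libexpat "through version 2.5.0" is affected.
LAST_AFFECTED = (2, 5, 0)
# Assumed limit for illustration; size it to the largest legitimate document.
MAX_XML_BYTES = 1 * 1024 * 1024


class XmlTooLarge(ValueError):
    """Raised when a document exceeds the configured size cap."""


def parse_expat_version(version_string):
    """Turn a string such as 'expat_2.5.0' into the tuple (2, 5, 0)."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if match is None:
        raise ValueError(f"unrecognized expat version: {version_string!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version_string):
    """True when the version falls in the range the advisory names."""
    return parse_expat_version(version_string) <= LAST_AFFECTED


def parse_bounded(data, max_bytes=MAX_XML_BYTES):
    """Reject oversized input, then parse it; returns the element count."""
    if len(data) > max_bytes:
        raise XmlTooLarge(f"{len(data)} bytes exceeds cap of {max_bytes}")
    count = 0

    def on_start(name, attrs):
        nonlocal count
        count += 1

    parser = pyexpat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.Parse(data, True)  # True marks this as the final chunk
    return count


if __name__ == "__main__":
    linked = pyexpat.EXPAT_VERSION
    status = "in affected range" if is_affected(linked) else "newer than 2.5.0"
    print(f"{linked}: {status}")
    # Constructed sample document.
    sample = b"<inventory><device id='1'/><device id='2'/></inventory>"
    print("elements parsed:", parse_bounded(sample))
```

Distribution packages can backport fixes without changing the version string, so treat an "in affected range" result as a prompt to check the package changelog rather than as proof of exposure.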

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-24-228-06, which references Siemens security advisory SSA-784301. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C indicates network attack vector with low attack complexity, no privileges required, and high availability impact.

Official resources

CVE-2023-52425 was published on August 13, 2024, with CISA ICS advisory ICSA-24-228-06 issued the same date. The vulnerability affects libexpat through version 2.5.0 and has been confirmed to impact Siemens SINEC NMS.