PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-52426 Siemens CVE debrief

CVE-2023-52426 is a medium-severity vulnerability in libexpat through version 2.5.0. When the library is compiled with XML_DTD undefined, the entity-amplification limits that libexpat has enforced since 2.4.0 are not compiled in, so a crafted document with nested (recursive) entity declarations expands without bound and exhausts memory or CPU in the parsing process. It is a denial-of-service issue only; there is no confidentiality or integrity impact. The Siemens advisory covering it for SINEC NMS (CISA ICSA-24-228-06) was published on August 13, 2024; Siemens has released a fix and recommends updating SINEC NMS to V3.0 or later. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, score 5.5) indicates a local attack vector, low attack complexity, low privileges required, no user interaction and high availability impact.

Vendor
Siemens
Product
SINEC NMS
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-08-13
Original CVE updated
2024-08-13
Advisory published
2024-08-13
Advisory updated
2024-08-13

Who should care

Organizations operating Siemens SINEC NMS in industrial environments, OT security teams responsible for the hosts on which SINEC NMS runs, and engineering teams that build or ship software embedding libexpat: any build with XML_DTD undefined is exposed to the same issue, whether or not Siemens products are involved.

Technical summary

The vulnerability exists in libexpat versions through 2.5.0 when the library is compiled without XML_DTD defined. Such builds lack the billion-laughs protection that guards default builds (the limits set through XML_SetBillionLaughsAttackProtectionMaximumAmplification and XML_SetBillionLaughsAttackProtectionActivationThreshold, introduced in 2.4.0). A document whose internal DTD subset declares entities that each reference the previous entity many times, and whose body references the top-level entity, forces the parser to materialise output that grows geometrically with the nesting depth: a few hundred bytes of declarations can expand to gigabytes, consuming memory and CPU in whichever process parses attacker-supplied XML. Siemens SINEC NMS incorporates the affected library. As scored in the advisory, the attack requires local access and low privileges, with no user interaction; the availability impact is high, while confidentiality and integrity impacts are none. XML_DTD is defined in libexpat's default configuration, so the exposure is limited to builds that explicitly disabled it; libexpat 2.6.0 closes the gap for those builds as well.
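The accounting that makes this attack cheap to detect before any parser sees the document, as an added example that is neither Siemens code nor libexpat's own implementation: the script below builds a constructed billion-laughs document, computes how many characters each entity reference would produce after full expansion without materialising any of it, flags a document whose expansion ratio exceeds a cap (the default of 100 mirrors libexpat's maximum-amplification default, but the ratio here is a simplification of libexpat's direct-versus-indirect byte accounting), and rejects the recursive-reference case, which is not well-formed XML at all. The regular expressions cover only the XML subset the demonstration needs, parameter entities are ignored, and the names assess, expanded_length and billion_laughs are this example's own.

```python
"""Pre-parse entity-expansion check for untrusted XML (added example, not Siemens or libexpat code)."""
import re
from typing import Dict, Tuple

# Simplified grammar: a DOCTYPE with an optional internal subset, general entity
# declarations inside it, and entity references. Parameter entities (%name;) are ignored.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b[^\[>]*(?:\[(.*?)\])?\s*>", re.S)
ENTITY_DECL_RE = re.compile(r"""<!ENTITY\s+([^\s%]+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF_RE = re.compile(r"&([^;&\s<]+);")

# XML's five predefined entities each expand to a single character.
PREDEFINED = {"lt": 1, "gt": 1, "amp": 1, "apos": 1, "quot": 1}


def parse_internal_entities(doc: str) -> Tuple[Dict[str, str], str]:
    """Return the general entities declared in the internal subset and the content after the DOCTYPE."""
    m = DOCTYPE_RE.search(doc)
    if not m:
        return {}, doc
    entities: Dict[str, str] = {}
    for decl in ENTITY_DECL_RE.finditer(m.group(1) or ""):
        name, double_quoted, single_quoted = decl.groups()
        # XML binds a name to its first declaration; later duplicates are ignored.
        entities.setdefault(name, double_quoted if double_quoted is not None else single_quoted)
    return entities, doc[m.end():]


def expanded_length(name: str, entities: Dict[str, str], cache: Dict[str, int],
                    stack: Tuple[str, ...] = ()) -> int:
    """Characters that &name; yields after full expansion, computed from the declarations alone.

    The cache keeps this linear in the number of declarations even when the expanded text
    would be gigabytes; the stack catches a -> b -> a loops, a fatal well-formedness error.
    """
    if name in cache:
        return cache[name]
    if name in stack:
        raise ValueError("recursive entity reference: " + " -> ".join(stack + (name,)))
    if name in PREDEFINED:
        return PREDEFINED[name]
    if name.startswith("#"):
        return 1  # numeric character reference
    body = entities.get(name)
    if body is None:
        return len(name) + 2  # undeclared: a strict parser rejects it; count the literal text
    total, pos = 0, 0
    for ref in ENTITY_REF_RE.finditer(body):
        total += ref.start() - pos  # literal text before the nested reference
        total += expanded_length(ref.group(1), entities, cache, stack + (name,))
        pos = ref.end()
    total += len(body) - pos
    cache[name] = total
    return total


def assess(doc: str, max_amplification: float = 100.0) -> dict:
    """Decide whether doc is safe to hand to a parser whose own entity limits cannot be trusted.

    amplification = (input characters + characters produced by expansion) / input characters,
    a simplification of libexpat's accounting; 100.0 is libexpat's default cap.
    """
    entities, content = parse_internal_entities(doc)
    cache: Dict[str, int] = {}
    try:
        produced = sum(expanded_length(ref.group(1), entities, cache)
                       for ref in ENTITY_REF_RE.finditer(content))
    except ValueError as exc:
        return {"input_chars": len(doc), "expanded_chars": None, "amplification": None,
                "accept": False, "reason": str(exc)}
    amplification = (len(doc) + produced) / len(doc) if doc else 1.0
    accept = amplification <= max_amplification
    return {"input_chars": len(doc), "expanded_chars": produced, "amplification": amplification,
            "accept": accept,
            "reason": None if accept else f"amplification {amplification:.0f} exceeds {max_amplification}"}


def billion_laughs(levels: int, fanout: int) -> str:
    """Constructed billion-laughs document: lol0 = "lol", lol(i) = fanout copies of &lol(i-1);."""
    decls = ['<!ENTITY lol0 "lol">']
    for i in range(1, levels + 1):
        refs = f"&lol{i - 1};" * fanout
        decls.append(f'<!ENTITY lol{i} "{refs}">')
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n' + "\n".join(decls)
            + f'\n]>\n<lolz>&lol{levels};</lolz>\n')


if __name__ == "__main__":
    for levels in (3, 9):
        print(levels, assess(billion_laughs(levels, 10)))
    print(assess('<!DOCTYPE x [<!ENTITY a "&b;"><!ENTITY b "&a;">]><x>&a;</x>'))
```

With three levels of fanout 10 the document is a few hundred characters and would expand to 3000, which a cap of 100 accepts; with nine levels the same few hundred characters would expand to three billion and are refused without a single byte of expansion being performed. A gate like this belongs in front of any component that cannot yet be rebuilt against a fixed libexpat.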

Defensive priority

medium

Recommended defensive actions

  • Update Siemens SINEC NMS to V3.0 or later per vendor guidance (CISA ICSA-24-228-06)
  • For software you build or ship that embeds libexpat, confirm that XML_DTD is defined (it is in the default build; only builds that disabled it lack the entity-amplification limits), or move to libexpat 2.6.0 or later, which fixes the issue for XML_DTD-less builds as well
  • Until the update is applied, limit local accounts and interactive access on the SINEC NMS host; the advisory scores the issue as exploitable locally with low privileges and no user interaction
  • Monitor CISA ICS advisories for additional affected product notifications
  • Apply defense-in-depth practices for industrial control systems per CISA recommendations

Evidence notes

Vulnerability description and remediation guidance sourced from CISA CSAF advisory ICSA-24-228-06. Vendor fix confirmed by Siemens with specific version guidance. CVSS vector and scoring details provided in source advisory.

Official resources

CISA ICS advisory ICSA-24-228-06 (published 2024-08-13)