PatchSiren cyber security CVE debrief
CVE-2023-5717 Siemens CVE debrief
CVE-2023-5717 is a high-severity Linux kernel performance events (perf) vulnerability that Siemens lists as affecting multiple SCALANCE WAB/WAM/WUB/WUM products. The issue is a heap out-of-bounds write in perf_read_group() that can lead to local privilege escalation. Siemens and CISA published the advisory on 2025-02-11 and later revised it on 2025-05-06 for typos; the remediation is to update to V3.0.0 or later.
- Vendor: Siemens
- Product: SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-02-11
- Advisory updated: 2025-05-06
Who should care
Operators, maintainers, and security teams responsible for the affected Siemens SCALANCE wireless devices should prioritize this advisory, especially where local user access or device shell access is possible. Industrial environments that allow shared access, maintenance accounts, or field-service workflows should pay particular attention because the underlying flaw can be used for local privilege escalation.
Technical summary
The vulnerability is described as a heap out-of-bounds write in the Linux kernel's perf subsystem. According to the advisory, if perf_read_group() is called when an event's sibling_list is smaller than its child's sibling_list, the code can increment or write beyond the allocated buffer. The source material states this can be exploited for local privilege escalation. Siemens maps the issue to 19 SCALANCE product variants and recommends upgrading past the fixed release.
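The condition described above, as a simplified user-space model added here for illustration; it is not kernel code or the vendor's fix, and the struct and function names are hypothetical. The result buffer is sized from the leading event only, so the read is refused when a child's group needs a different number of slots instead of writing past the allocation.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified user-space model; names are hypothetical, not kernel code. */
struct event {
    int nr_siblings;       /* entries used in sibling[] */
    uint64_t count;        /* this event's own counter */
    uint64_t sibling[8];   /* sibling counters */
    struct event *child;   /* inherited child event, or NULL */
};
/* One slot for the event itself plus one per sibling. */
static size_t slots_for(const struct event *e) { return 1 + (size_t)e->nr_siblings; }
/* Adds e's group into values[]; touches slots_for(e) entries. */
static void add_group(const struct event *e, uint64_t *values)
{
    size_t n = 0;
    values[n++] += e->count;
    for (int i = 0; i < e->nr_siblings; i++)
        values[n++] += e->sibling[i];
}

/* The buffer is sized from the leader only, so every child must need the
 * same number of slots; a larger child group would write past the end. */
int read_group_checked(const struct event *leader, uint64_t **out, size_t *len)
{
    const struct event *c;
    size_t need = slots_for(leader);
    for (c = leader->child; c; c = c->child)
        if (slots_for(c) != need)
            return -EINVAL;          /* refuse instead of overflowing */
    uint64_t *values = calloc(need, sizeof(*values));
    if (!values) return -ENOMEM;
    add_group(leader, values);
    for (c = leader->child; c; c = c->child)
        add_group(c, values);
    *out = values; *len = need;
    return 0;
}

/* Constructed sample: leader has 1 sibling, child has child_siblings. */
int demo(int child_siblings, uint64_t *sibling_total)
{
    struct event child = { child_siblings, 5, {7, 9, 11}, NULL };
    struct event leader = { 1, 10, {20}, &child };
    uint64_t *v = NULL; size_t len = 0;
    int rc = read_group_checked(&leader, &v, &len);
    if (rc == 0) { *sibling_total = v[1]; free(v); }
    return rc;
}
```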
Defensive priority
High. The advisory describes a local privilege-escalation path with CVSS 7.8 (HIGH), and Siemens provides a vendor fix. Systems that expose local access paths should be updated promptly.
Recommended defensive actions
- Upgrade affected Siemens SCALANCE products to V3.0.0 or later, as recommended in the advisory.
- Inventory the listed SCALANCE models and confirm whether any deployed devices match the affected product IDs or product names.
- Restrict local access to the affected devices as a compensating control until patching is complete.
- Review maintenance, service, and shared-access workflows for unnecessary local accounts or interactive access on affected devices.
- Validate remediation against the Siemens advisory and associated CISA bulletin before returning devices to service.
Evidence notes
Source material identifies CVE-2023-5717 as a Linux kernel perf heap out-of-bounds write and states it can enable local privilege escalation. The Siemens/CISA CSAF advisory (ICSA-25-044-09 / SSA-769027) lists 19 affected SCALANCE products and recommends updating to V3.0.0 or later. Published and modified dates used here come from the supplied CVE and advisory timeline: 2025-02-11 and 2025-05-06.
Official resources
- CVE-2023-5717 CVE record (CVE.org)
- CVE-2023-5717 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the supplied CISA/Siemens advisory on 2025-02-11 and revised on 2025-05-06 for typos. The 2025-05-06 revision was not treated as the CVE's issue date.