PatchSiren cyber security CVE debrief
CVE-2023-7256 Siemens CVE debrief
CVE-2023-7256 describes a libpcap ownership-handling flaw that can lead to a double free during remote packet capture setup. In the Siemens advisory republished by CISA, the issue is tied to affected firmware in multiple Siemens industrial product families, including the RUGGEDCOM/SCALANCE context provided here. Siemens recommends updating affected products to V3.3 or later.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-28
- Original CVE updated
- 2026-02-25
- Advisory published
- 2026-01-28
- Advisory updated
- 2026-02-25
Who should care
Administrators and operators of Siemens industrial devices or firmware that use affected libpcap code, especially where remote packet capture is enabled or management access is available. In the supplied context, that includes the RUGGEDCOM RST2428P (6GK6242-6PA00) product line and related Siemens families named in the advisory.
Technical summary
During remote packet capture setup, the internal function sock_initaddress() calls getaddrinfo() and may call freeaddrinfo(), but it does not clearly communicate whether the caller still needs to free that memory. In some scenarios, both the function and its caller can free the same allocation, creating a double-free condition (CWE-415). The source advisory ties the issue to availability impact only, matching the supplied CVSS vector of AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.4 medium). The advisory also notes a similar issue in Apple libpcap, assigned CVE-2023-40400.
Defensive priority
Medium. Patch promptly if the affected firmware is deployed in production, especially on devices used for remote packet capture or where service availability is critical. Because the reported impact is availability-focused, remediation is important even when confidentiality and integrity are not directly affected.
Recommended defensive actions
- Update affected Siemens products to V3.3 or later, following the product-specific guidance in the Siemens advisory.
- Confirm whether the deployed Siemens firmware or package set includes the affected libpcap component before scheduling maintenance.
- Restrict administrative access to management and packet-capture functions to trusted operators only.
- Review device stability and logs for abnormal restarts or failures around remote packet capture setup.
- Track the Siemens ProductCERT advisory SSA-089022 and the CISA republication for any product-mapping updates or clarification.
Evidence notes
This debrief is based on the CISA CSAF republication of Siemens advisory SSA-089022, the linked Siemens advisory pages, and the official CVE record. The source explicitly describes the double-free mechanism, lists the affected Siemens product families, and provides the remediation statement to update to V3.3 or later. The advisory revision history shows CISA publication on 2026-01-28 and later updates on 2026-02-12, 2026-02-24, and 2026-02-25.
Official resources
-
CVE-2023-7256 CVE record
CVE.org
-
CVE-2023-7256 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory on 2026-01-28 and republished updates on 2026-02-12, 2026-02-24, and 2026-02-25 based on Siemens ProductCERT advisory SSA-089022. This debrief uses those advisory dates for publication context; it does not treat