PatchSiren cyber security CVE debrief
CVE-2025-4373 Siemens CVE debrief
CVE-2025-4373 describes an integer overflow in GLib's g_string_insert_unichar() function that can lead to a buffer underwrite when a very large insertion position is used. Siemens and CISA map the issue to affected industrial networking products running SINEC OS firmware, and Siemens provides a fix path to V3.3 or later. The CVE was published on 2026-01-28 and later republished/updated by CISA through 2026-02-25.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 4.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-28
- Original CVE updated: 2026-02-25
- Advisory published: 2026-01-28
- Advisory updated: 2026-02-25
Who should care
Siemens industrial network operators, OT/ICS asset owners, and maintenance teams responsible for the listed RUGGEDCOM and SCALANCE devices, especially where SINEC OS firmware is deployed. Vulnerability management teams should also track the Siemens advisory and CISA republication for product-specific scope and remediation details.
Technical summary
The flaw is an integer overflow in GLib's g_string_insert_unichar() path. When the character insertion position is large, the position value can overflow and result in a buffer underwrite. The advisory's CVSS vector is AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L, which aligns with a medium severity rating and indicates limited integrity and availability impact and no confidentiality impact.
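To make the failure mode concrete from a defender's side, the following C program is an added illustration (not GLib's code and not the vulnerable function itself) of why an insertion position must be bounds-checked before any size arithmetic. It uses a hypothetical growable string `buf_t`: `unchecked_tail_len()` shows how `len - pos` wraps to a huge unsigned value when `pos` is past the end, which is the arithmetic that turns a large position into an out-of-bounds memmove, and `check_insert()` / `safe_insert()` show the checks (non-negative position, position not beyond `len`, no overflow of `len + charlen + NUL`) that reject such input before memory is touched.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable byte string, constructed for this illustration.
 * It is not GLib's GString and the functions below are not GLib's code. */
typedef struct {
    char  *str;   /* NUL-terminated contents */
    size_t len;   /* bytes in use, excluding the terminator */
    size_t alloc; /* bytes allocated for str */
} buf_t;

/* Initialise from a C string; returns 0 on success, -1 on allocation failure. */
int buf_init(buf_t *b, const char *init) {
    b->len = strlen(init);
    b->alloc = b->len + 1;
    b->str = malloc(b->alloc);
    if (!b->str) return -1;
    memcpy(b->str, init, b->alloc);   /* alloc == len + 1, so the NUL is copied */
    return 0;
}

void buf_free(buf_t *b) { free(b->str); b->str = NULL; b->len = b->alloc = 0; }

/* The size arithmetic an insert routine performs to find how many bytes sit
 * after `pos` and must be shifted right. Without a prior bounds check,
 * pos > len makes the unsigned subtraction wrap to a huge value, so a
 * following memmove would read and write far outside the buffer. */
size_t unchecked_tail_len(size_t len, size_t pos) {
    return len - pos;
}

/* Validate an insertion before any memory is touched.
 * Returns 0 when safe; negative codes identify the rejected condition. */
int check_insert(const buf_t *b, ptrdiff_t pos, size_t charlen) {
    if (pos < 0)                         return -1; /* negative position */
    if ((size_t)pos > b->len)            return -2; /* beyond the end: tail length would wrap */
    if (charlen == 0 || charlen > 4)     return -3; /* an encoded UTF-8 character is 1..4 bytes */
    if (b->len > SIZE_MAX - charlen - 1) return -4; /* len + charlen + NUL would overflow */
    return 0;
}

/* Grow the allocation to at least `needed` bytes, doubling with overflow guard. */
static int ensure_capacity(buf_t *b, size_t needed) {
    if (needed <= b->alloc) return 0;
    size_t n = b->alloc ? b->alloc : 16;
    while (n < needed) {
        if (n > SIZE_MAX / 2) return -1;
        n *= 2;
    }
    char *p = realloc(b->str, n);
    if (!p) return -1;
    b->str = p;
    b->alloc = n;
    return 0;
}

/* Insert `charlen` bytes (one encoded character) at byte offset `pos`,
 * performing every check first. pos == len is a valid append. */
int safe_insert(buf_t *b, ptrdiff_t pos, const char *bytes, size_t charlen) {
    int rc = check_insert(b, pos, charlen);
    if (rc != 0) return rc;
    if (ensure_capacity(b, b->len + charlen + 1) != 0) return -5;
    size_t tail = b->len - (size_t)pos + 1;   /* bytes after pos, including the NUL */
    memmove(b->str + pos + charlen, b->str + pos, tail);
    memcpy(b->str + pos, bytes, charlen);
    b->len += charlen;
    return 0;
}

int main(void) {
    buf_t b;
    if (buf_init(&b, "ab") != 0) return 1;
    int rc = safe_insert(&b, 1, "\xc3\xa9", 2);         /* U+00E9 as two UTF-8 bytes */
    printf("insert at 1   -> rc=%d, str=\"%s\", len=%zu\n", rc, b.str, b.len);
    rc = safe_insert(&b, 100, "x", 1);
    printf("insert at 100 -> rc=%d (rejected before any memmove)\n", rc);
    printf("unchecked tail length for len=2, pos=100: %zu\n", unchecked_tail_len(2, 100));
    buf_free(&b);
    return 0;
}
```

The point of `unchecked_tail_len()` is only to show the wrap: on a 64-bit build the value for `len=2, pos=100` is `SIZE_MAX - 97`, which is the length a memmove would be handed if the position check were missing. The same class of check is what a reviewer should look for in any string or buffer insertion routine that accepts a caller-supplied offset.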
Defensive priority
Medium. This is not listed as a KEV item, but it affects industrial devices and has a vendor-provided fix path. Plan remediation with normal change-control urgency, prioritizing externally reachable or operationally sensitive assets that match the Siemens advisory scope.
Recommended defensive actions
- Identify affected Siemens devices and confirm whether they run SINEC OS firmware covered by the advisory.
- Review Siemens ProductCERT advisory SSA-089022 and CISA advisory ICSA-26-043-06 for the exact affected product list and firmware scope.
- Update affected devices to V3.3 or later using the vendor remediation guidance.
- Use maintenance windows and test plans appropriate for ICS/OT environments before applying firmware updates.
- If immediate patching is not possible, apply compensating controls from CISA ICS recommended practices and defense-in-depth guidance.
- Track the advisory revision history through the latest CISA republication for scope clarifications and updates.
Evidence notes
Source corpus ties this CVE to Siemens advisory SSA-089022 republished by CISA as ICSA-26-043-06. The provided description states the GLib g_string_insert_unichar() integer overflow can underwrite a buffer when the insertion position is large. The advisory metadata also lists a vendor fix to update to V3.3 or later, and the CVSS vector supplied is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L.
Official resources
- CVE-2025-4373 CVE record (CVE.org)
- CVE-2025-4373 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the supplied advisory timeline on 2026-01-28, with CISA republication updates through 2026-02-25 based on Siemens ProductCERT SSA-089022.