PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-6141 Siemens CVE debrief

CVE-2025-6141 is a locally exploitable stack-based buffer overflow in GNU ncurses, affecting the postprocess_termcap function in tinfo/parse_entry.c. Siemens and CISA republished the issue for affected industrial networking products, including the named RUGGEDCOM RST2428P and multiple SCALANCE families, and Siemens advises upgrading to V3.3 or later.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
LOW 3.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-28
Original CVE updated
2026-02-25
Advisory published
2026-01-28
Advisory updated
2026-02-25

Who should care

Siemens OT/ICS operators and asset owners using affected RUGGEDCOM or SCALANCE devices, especially where SINEC OS firmware is deployed. Teams that allow local or maintenance access to these systems should treat this as a patching priority.

Technical summary

The advisory describes a stack-based buffer overflow in GNU ncurses up to 6.5-20250322. The affected code path is postprocess_termcap in tinfo/parse_entry.c. The published CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L: exploitation requires local access with low privileges, and the scored impact is limited to availability, which is why the base score is low. The issue is still relevant to Siemens industrial devices because the vendor guidance recommends updating affected products to V3.3 or later. The CISA republication history shows the advisory was initially published on 2026-01-28 and later updated on 2026-02-12, 2026-02-24, and 2026-02-25.

Defensive priority

Medium for affected Siemens OT assets; otherwise low.

Recommended defensive actions

  • Upgrade affected Siemens products to V3.3 or later, per the vendor remediation guidance.
  • Confirm whether your deployed device model and firmware are on the affected list, including RUGGEDCOM RST2428P and the listed SCALANCE families.
  • Verify whether the system uses SINEC OS firmware, since the updated advisory clarifies that SINEC OS firmware is impacted.
  • Review Siemens advisory SSA-089022 and CISA ICSA-26-043-06 for product-specific remediation notes and any additional information.
  • Restrict local and maintenance access to affected devices until remediation is complete.

Evidence notes

The source corpus states that GNU ncurses up to 6.5-20250322 is affected and that upgrading to 6.5-20250329 addresses the library issue. Siemens/CISA advisory metadata ties the issue to Siemens industrial products, with remediation to V3.3 or later. The CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, matching a local-access condition. CISA revision history records the advisory timeline and later clarification that only SINEC OS firmware is impacted.
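To turn the two version thresholds above into an inventory check, here is an added Python example (not from the advisory, Siemens, or CISA) that flags ncurses builds up to 6.5-20250322 and Siemens firmware below V3.3. The "V3.x.y" firmware label format and the sample inventory are assumptions made for the example.

```python
import re
from typing import Dict, List, Tuple

# Version thresholds taken from the advisory text above.
NCURSES_FIXED = "6.5-20250329"   # first ncurses snapshot containing the fix
SIEMENS_FIXED = "V3.3"           # Siemens remediation target for listed products

def parse_ncurses(version: str) -> Tuple[int, int, int]:
    """Turn 'MAJOR.MINOR[-YYYYMMDD]' into a comparable tuple; a bare '6.5'
    gets patch 0 so it sorts before every dated snapshot (it predates the fix)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:-(\d{8}))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised ncurses version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch else 0)

def ncurses_affected(version: str) -> bool:
    """True when the build predates the fixed snapshot (i.e. up to 6.5-20250322)."""
    return parse_ncurses(version) < parse_ncurses(NCURSES_FIXED)

def parse_siemens(version: str) -> Tuple[int, ...]:
    """Turn an assumed 'V3.2.1'-style firmware label into a dotted-integer tuple."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def firmware_needs_update(version: str) -> bool:
    """True when firmware is below V3.3; tuple comparison makes V3.3.1 count as fixed."""
    return parse_siemens(version) < parse_siemens(SIEMENS_FIXED)

def triage(inventory: List[Dict[str, str]]) -> List[str]:
    """Return asset names whose firmware is still below the remediation target."""
    return [d["asset"] for d in inventory if firmware_needs_update(d["firmware"])]

# Constructed sample inventory: asset names and firmware labels are made up.
SAMPLE_INVENTORY = [
    {"asset": "rst2428p-cell-01", "model": "RUGGEDCOM RST2428P", "firmware": "V3.2.1"},
    {"asset": "rst2428p-cell-02", "model": "RUGGEDCOM RST2428P", "firmware": "V3.3"},
    {"asset": "scalance-ring-07", "model": "SCALANCE (listed family)", "firmware": "V3.3.1"},
    {"asset": "scalance-ring-08", "model": "SCALANCE (listed family)", "firmware": "V2.4"},
]

if __name__ == "__main__":
    print("needs update:", triage(SAMPLE_INVENTORY))
    for v in ("6.4", "6.5", "6.5-20250322", "6.5-20250329", "6.6"):
        print(v, "affected" if ncurses_affected(v) else "fixed")
```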

Official resources

Publicly disclosed on 2026-01-28 via Siemens ProductCERT advisory SSA-089022 and CISA ICSA-26-043-06, with CISA republication updates on 2026-02-12, 2026-02-24, and 2026-02-25.