ICSA-23-103-09
PUBLISHED
CVSS 7.5 HIGH
Multiple vulnerabilities in the third-party components cURL, BusyBox, libtirpc and Expat, as well as in the Linux kernel, could allow an attacker to impact the confidentiality, integrity and availability of the SCALANCE XCM332 device. Siemens has released an update for the SCALANCE XCM332 and recommends updating to the latest version.
Risk Scores
CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SCALANCE XCM332 (6GK5332-0GA01-2AC2) | |
Timeline
- Apr 11, 2023 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-558014.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-558014.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-558014.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-558014.txt advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-103-09.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109817513/ fix