PatchSiren cyber security CVE debrief
CVE-2023-52475 Linux CVE debrief
A use-after-free vulnerability in the Linux kernel's Griffin PowerMate USB input driver (powermate) was resolved via a code fix. The flaw existed in the powermate_config_complete callback function. Siemens has assessed this CVE as not affecting its RUGGEDCOM RST2428P and SCALANCE X-family industrial networking products, reclassifying them from affected to known not affected in subsequent advisory revisions. The vulnerability was originally published in the CVE database on 2025-08-12 and last modified on 2026-02-25. This CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Linux
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Linux systems with Griffin PowerMate USB input devices should ensure kernel patches are applied. Organizations deploying Siemens SCALANCE X-family switches or RUGGEDCOM RST2428P devices can disregard this CVE for those products based on vendor assessment. Industrial asset owners should monitor CISA ICS advisories for authoritative OT security guidance.
Technical summary
The vulnerability is a use-after-free (CWE-416) in the powermate_config_complete function of the Linux kernel's Griffin PowerMate driver, drivers/input/misc/powermate.c. This callback is invoked during USB device configuration completion. A use-after-free occurs when memory is accessed after it has been freed, potentially leading to memory corruption, crashes, or code execution. The fix resolves the lifecycle management of the relevant structure. Siemens products originally listed as affected were subsequently determined to be not vulnerable based on technical analysis.
Defensive priority
low
Recommended defensive actions
- If Griffin PowerMate USB devices are used, verify that the Linux kernel versions deployed in your environment contain the fix for the powermate driver use-after-free
- For Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and RUGGEDCOM RST2428P deployments, no action is required, because the vendor assesses these products as not affected
- Review vendor security advisories for any future reassessment of whether these products are affected
- Apply standard ICS security practices including network segmentation for critical industrial control systems
Evidence notes
The source CISA CSAF advisory ICSA-25-226-15 (Siemens SINEC OS) contains a threat entry categorizing impact as 'Misinformed' for product IDs CSAFPID-0001, CSAFPID-0004, and CSAFPID-0003, indicating Siemens' assessment that these products are not actually vulnerable despite initial inclusion. The revision history shows corrections on 2026-02-12 moved entries to 'Known Not Affected Products' and the 2026-02-25 republication updated based on Siemens ProductCERT SSA-613116.
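The status change described above can be read mechanically from a CSAF 2.0 document. The following is an added example, not part of the advisory or of any Siemens or CISA tooling: it pulls per-product status and the impact statement for one CVE, then lists deployed products that are not cleared. The JSON fragment is constructed from the description above, placing "Misinformed" in the threat's details field is an assumption, and CSAFPID-0002 in the usage is a hypothetical product ID.

```python
import json

# Constructed CSAF 2.0 fragment: the CVE and product IDs come from the notes
# above; the layout of the threat entry is an assumption for illustration.
SAMPLE_CSAF = json.loads("""
{"vulnerabilities": [{
  "cve": "CVE-2023-52475",
  "product_status": {
    "known_not_affected": ["CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0004"]},
  "threats": [{"category": "impact", "details": "Misinformed",
    "product_ids": ["CSAFPID-0001", "CSAFPID-0004", "CSAFPID-0003"]}]
}]}
""")

# Statuses that mean no remediation is pending for the product.
CLEARED = {"known_not_affected", "fixed", "first_fixed"}

def product_verdicts(csaf, cve):
    """Map product ID -> (sorted status list, impact statement or None)."""
    statuses, impact = {}, {}
    for vuln in csaf.get("vulnerabilities", []):
        if vuln.get("cve") != cve:
            continue
        for status, pids in vuln.get("product_status", {}).items():
            for pid in pids:
                statuses.setdefault(pid, set()).add(status)
        for threat in vuln.get("threats", []):
            if threat.get("category") == "impact":
                for pid in threat.get("product_ids", []):
                    impact[pid] = threat.get("details")
    return {pid: (sorted(s), impact.get(pid)) for pid, s in statuses.items()}

def needs_action(csaf, cve, deployed):
    """Deployed product IDs that the advisory does not clear for this CVE.
    IDs the advisory never mentions are flagged: absence is not clearance."""
    verdicts = product_verdicts(csaf, cve)
    flagged = []
    for pid in deployed:
        statuses, _ = verdicts.get(pid, ([], None))
        if not statuses or not set(statuses) <= CLEARED:
            flagged.append(pid)
    return sorted(flagged)

if __name__ == "__main__":
    # CSAFPID-0002 is a hypothetical ID that the sample advisory does not list.
    print(needs_action(SAMPLE_CSAF, "CVE-2023-52475",
                       ["CSAFPID-0001", "CSAFPID-0002"]))
```

Re-running the check against each republished revision of the advisory shows when a product moves between status groups.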
Official resources
- CVE-2023-52475 CVE record (CVE.org)
- CVE-2023-52475 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12