PatchSiren cyber security CVE debrief
CVE-2023-3567 Siemens CVE debrief
A use-after-free vulnerability exists in the Linux kernel's vc_screen driver (drivers/tty/vt/vc_screen.c) within the vcs_read function. This flaw affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability requires local user access to exploit and can result in system crashes or information disclosure through kernel memory leaks. The issue was initially published in CISA advisory ICSA-25-226-15 on August 12, 2025, with subsequent revisions through February 2026 to correct affected product listings and remove rejected CVEs. Siemens has addressed this through their ProductCERT security advisory SSA-613116.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM RST2428P switches or SCALANCE X-family managed switches in critical infrastructure environments. Security teams responsible for OT/ICS asset management, patch coordination, and network segmentation planning should prioritize review.
Technical summary
The vulnerability resides in the vcs_read function of drivers/tty/vt/vc_screen.c in the Linux kernel's virtual console screen driver. A use-after-free condition can occur when handling virtual console screen read operations, allowing a local attacker to trigger memory corruption. Successful exploitation may cause denial of service through system crashes or leak sensitive kernel information. The attack vector requires local access with user privileges. Affected Siemens products include RUGGEDCOM RST2428P (6GK6242-6PA00) and multiple SCALANCE X-family switch models running SINEC OS. The advisory notes that no SINEC OS version lower than 3.1 is supported for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, which may affect patch applicability timelines.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for patch availability and version guidance
- Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices
- Apply vendor-provided firmware updates when available
- Implement network segmentation to limit local access to industrial control devices
- Monitor for anomalous system crashes or unexpected kernel behavior on affected devices
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-15, which references Siemens ProductCERT advisory SSA-613116. The advisory underwent multiple revisions: initial publication (2025-08-12), correction of affected products (2026-02-12), removal of rejected CVEs (2026-02-24), and final republication (2026-02-25). The threat assessment in the source marks impact as 'Misinformed' for affected product IDs CSAFPID-0001, CSAFPID-0003, and CSAFPID-0004.
Official resources
-
CVE-2023-3567 CVE record
CVE.org
-
CVE-2023-3567 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12