PatchSiren cyber security CVE debrief
CVE-2023-35827 Siemens CVE debrief
A use-after-free vulnerability exists in the Linux kernel's Renesas Ethernet AVB driver (ravb_main.c) affecting kernel versions through 6.3.8. The flaw occurs in the ravb_remove function during driver unbinding, where a race condition can lead to memory corruption. Siemens has identified this vulnerability as affecting industrial networking products including the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The vulnerability was initially published in CISA advisory ICSA-25-226-15 on August 12, 2025, with subsequent revisions through February 25, 2026 correcting affected product listings and removing rejected CVEs. No known exploitation in the wild has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial Ethernet infrastructure, particularly RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS. OT security teams managing critical infrastructure networks, manufacturing environments, and utility substations utilizing these networking products should prioritize patch evaluation when available.
Technical summary
The vulnerability resides in the ravb_remove function within drivers/net/ethernet/renesas/ravb_main.c in the Linux kernel. This function handles cleanup when the Renesas R-Car AVB (Audio Video Bridging) Ethernet driver is unbound from a device. A use-after-free condition can occur if memory resources are accessed after being freed during the removal sequence, potentially leading to kernel memory corruption. The flaw affects kernel versions up to and including 6.3.8. Siemens industrial networking products utilizing this kernel component, specifically those running SINEC OS on RUGGEDCOM RST2428P and SCALANCE X-family hardware platforms, are identified as affected. The CISA advisory indicates this vulnerability was subject to revision regarding affected product scope, with corrections issued in February 2026 to properly categorize products as affected versus known-not-affected.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed affected product versions and patch availability
- Apply kernel updates or vendor-provided firmware patches for SINEC OS-based devices when available
- Implement network segmentation for affected industrial Ethernet switches to limit exposure
- Monitor CISA ICS advisories for updates to ICSA-25-226-15
- Follow ICS-CERT recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-15, which references Siemens ProductCERT advisory SSA-613116. The advisory underwent four revision cycles between August 2025 and February 2026, with the most significant update on February 25, 2026 republishing based on corrected Siemens guidance. The threat assessment in the source material categorizes impact as 'Misinformed' for affected product IDs, suggesting potential for information disclosure or integrity impacts rather than direct code execution.
Official resources
-
CVE-2023-35827 CVE record
CVE.org
-
CVE-2023-35827 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12