PatchSiren cyber security CVE debrief
CVE-2023-46343 Siemens CVE debrief
A NULL pointer dereference vulnerability exists in the Linux kernel's NFC (Near Field Communication) subsystem, specifically in the `send_acknowledge` function within `net/nfc/nci/spi.c`. This flaw affects Linux kernel versions prior to 6.5.9. The vulnerability was published in the CVE database on August 12, 2025, with subsequent modifications through February 25, 2026. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability is classified with an impact category of 'Misinformed' in the source advisory, indicating potential for information disclosure or system instability rather than direct code execution. Organizations should consult vendor guidance for patch availability and apply kernel updates where applicable.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM and SCALANCE industrial networking equipment, particularly those with NFC-enabled configurations. System administrators managing Linux-based industrial control systems with NFC capabilities. Security teams responsible for kernel-level vulnerability management in operational technology environments.
Technical summary
The vulnerability resides in the `send_acknowledge` function of the NFC NCI (NFC Controller Interface) SPI driver in the Linux kernel. A NULL pointer dereference occurs when processing acknowledgment responses, potentially leading to kernel panic or system instability. The flaw affects kernel versions before 6.5.9. Siemens industrial networking products utilizing affected kernel versions in SINEC OS are impacted, including RUGGEDCOM RST2428P and select SCALANCE X-family switches. The vulnerability requires local or proximity-based NFC interaction to trigger, limiting remote exploitability in typical industrial network deployments.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed affected product versions and patch availability
- Apply kernel updates to Linux 6.5.9 or later where SINEC OS or other affected distributions permit
- Monitor CISA ICS advisories for additional guidance on industrial control system mitigations
- Implement network segmentation for NFC-capable industrial devices where patching is not immediately feasible
- Follow CISA recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
The vulnerability description is sourced from the official CVE record and CISA CSAF advisory ICSA-25-226-15. The affected product list and vendor attribution derive from Siemens ProductCERT advisory SSA-613116 as republished by CISA. Timeline information reflects the CVE publication date of 2025-08-12 and modification date of 2026-02-25, with the source advisory undergoing multiple revisions including corrections to affected products list on 2026-02-12 and 2026-02-24.
Official resources
-
CVE-2023-46343 CVE record
CVE.org
-
CVE-2023-46343 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12