PatchSiren cyber security CVE debrief
CVE-2023-51781 Siemens CVE debrief
CVE-2023-51781 is a use-after-free vulnerability in the Linux kernel's AppleTalk networking subsystem, specifically in the `atalk_ioctl` function in `net/appletalk/ddp.c`. The vulnerability stems from a race condition involving `atalk_recvmsg` that can trigger memory corruption. The issue affects Linux kernel versions prior to 6.6.8. This CVE was published on August 12, 2025, and last modified on February 25, 2026.
The vulnerability has been identified in Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. According to the CISA advisory ICSA-25-226-15, the impact assessment for affected Siemens products is categorized as 'Misinformed' in the threat data, suggesting the actual risk to these specific products may differ from initial assumptions. The advisory has undergone multiple revisions, with the most recent update on February 25, 2026, reflecting corrections to affected product listings and removal of rejected CVEs. Organizations should consult Siemens ProductCERT advisory SSA-613116 for definitive product-specific guidance.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Siemens industrial networking equipment with SINEC OS, including RUGGEDCOM RST2428P switches and SCALANCE X-family devices (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families). System administrators managing Linux-based industrial systems with AppleTalk protocol support enabled. OT security teams responsible for network infrastructure in critical manufacturing, energy, and transportation sectors.
Technical summary
The vulnerability exists in the AppleTalk protocol implementation within the Linux kernel. The `atalk_ioctl` function in `net/appletalk/ddp.c` contains a use-after-free condition that can be triggered through a race condition with `atalk_recvmsg`. This memory safety issue could potentially allow privilege escalation or denial of service. The flaw was resolved in Linux kernel 6.6.8. For Siemens products, the impact has been reassessed as 'Misinformed' per the threat data in ICSA-25-226-15, indicating that initial impact assumptions may not apply to the specific product configurations.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for definitive product-specific impact and patch guidance
- Verify kernel versions on affected Linux-based systems and upgrade to 6.6.8 or later where applicable
- Assess network segmentation to limit exposure of AppleTalk protocol implementations
- Monitor CISA ICS advisories for updates to ICSA-25-226-15
- Apply defense-in-depth strategies per CISA ICS recommended practices for industrial control systems
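A host-side check for the kernel-version and AppleTalk-exposure actions above, as an added example that is not Siemens or CISA tooling. It is meant for general-purpose Linux hosts where a shell is available; the function names and verdict strings are hypothetical, and the version test is a plain comparison against the 6.6.8 release named in this debrief.

```shell
#!/bin/sh
# Added example: triage a Linux host for exposure to CVE-2023-51781.
FIXED=6.6.8   # fixed kernel release named in this debrief

# kernel_before_fix RELEASE: succeeds if RELEASE sorts before $FIXED.
# Assumption: plain numeric compare. A vendor kernel can carry a backported
# fix under an older version number, so a hit means "check the vendor
# changelog", not "confirmed vulnerable".
kernel_before_fix() {
    ver=${1%%[!0-9.]*}                  # "5.15.0-91-generic" -> "5.15.0"
    old_ifs=$IFS; IFS=.
    set -- $ver 0 0 0; a=$1 b=$2 c=$3   # pad missing fields with 0
    set -- $FIXED;     fa=$1 fb=$2 fc=$3
    IFS=$old_ifs
    [ "$a" -ne "$fa" ] && { [ "$a" -lt "$fa" ]; return; }
    [ "$b" -ne "$fb" ] && { [ "$b" -lt "$fb" ]; return; }
    [ "$c" -lt "$fc" ]
}

# atalk_present [PROC_ROOT]: succeeds if the AppleTalk stack is registered,
# either via its /proc/net/atalk directory or a loaded "appletalk" module.
atalk_present() {
    root=${1:-/proc}
    [ -d "$root/net/atalk" ] ||
        grep -q '^appletalk ' "$root/modules" 2>/dev/null
}

# triage RELEASE [PROC_ROOT]: prints one verdict word for the host.
triage() {
    if ! kernel_before_fix "$1"; then
        echo "fixed-release"
    elif atalk_present "$2"; then
        echo "review-atalk-active"      # older release, AppleTalk registered
    else
        echo "review-atalk-inactive"    # older release, AppleTalk not in use
    fi
}

triage "$(uname -r)"
```

PROC_ROOT exists so the check can be run against a copied `/proc` snapshot or a test fixture. For the Siemens devices themselves, SSA-613116 remains the reference.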
Evidence notes
The vulnerability description is sourced from the CISA CSAF advisory ICSA-25-226-15, which references the Linux kernel AppleTalk subsystem issue. The Siemens product attribution and impact assessment ('Misinformed') are drawn directly from the source item's threat data and product tree. Timeline information reflects the CVE published and modified dates as specified in the source corpus. The advisory revision history shows four updates, with the February 25, 2026 republication based on Siemens ProductCERT SSA-613116.
Official resources
- CVE-2023-51781 CVE record (CVE.org)
- CVE-2023-51781 NVD detail (NVD)
- Source item URL (cisa_csaf)