PatchSiren cyber security CVE debrief
CVE-2023-52340 Siemens CVE debrief
CVE-2023-52340 is a denial-of-service vulnerability in the Linux kernel's IPv6 implementation, specifically within net/ipv6/route.c. The vulnerability exists in Linux kernel versions before 6.3, where the max_size threshold for IPv6 routing tables can be easily consumed. This consumption can be triggered when IPv6 packets are sent in a loop via a raw socket, resulting in network unreachability errors and service disruption. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this vulnerability as affecting certain industrial networking products, including the RUGGEDCOM RST2428P and SCALANCE product families running SINEC OS. CISA republished Siemens' advisory as ICSA-25-226-15, with the most recent republication update occurring on 2026-02-25 based on Siemens ProductCERT advisory SSA-613116. The advisory's revision history indicates corrections to affected product listings and removal of rejected CVEs in subsequent updates. Organizations should consult vendor guidance for patch availability and apply recommended mitigations for affected industrial control systems.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices with IPv6 enabled. Industrial control system operators relying on SINEC OS for network infrastructure. Security teams responsible for OT/ICS network availability and resilience.
Technical summary
The vulnerability resides in the IPv6 routing implementation (net/ipv6/route.c) of the Linux kernel prior to version 6.3. The max_size threshold for route cache entries can be exhausted through crafted IPv6 packet transmission via raw sockets in a loop. When this threshold is reached, the system generates 'network is unreachable' errors, effectively causing a denial of service condition. This affects IPv6 networking functionality and can disrupt connectivity on affected systems. Siemens industrial networking products running SINEC OS are impacted, requiring firmware updates to remediate the underlying kernel vulnerability.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Apply vendor-provided firmware updates for SINEC OS on affected RUGGEDCOM and SCALANCE devices
- Implement network segmentation to limit exposure of IPv6-enabled industrial control systems
- Monitor for anomalous IPv6 traffic patterns that may indicate exploitation attempts
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-15, which republishes Siemens ProductCERT advisory SSA-613116. Advisory revision history confirms publication date of 2025-08-12 and multiple updates through 2026-02-25. Siemens vendor identification and affected product list derived from CSAF product tree with high confidence.
Official resources
-
CVE-2023-52340 CVE record
CVE.org
-
CVE-2023-52340 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12