PatchSiren cyber security CVE debrief

CVE-2023-52433 Siemens CVE debrief

A vulnerability in the Linux kernel's netfilter subsystem, specifically within the nft_set_rbtree module, has been identified. The issue involves improper handling of garbage collection for new elements during transactions, which could lead to use-after-free conditions or memory corruption. The vulnerability was resolved by modifying the garbage collection logic to skip synchronous garbage collection for new elements created within the same transaction. This flaw affects Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA published advisory ICSA-25-226-15 on August 12, 2025, with subsequent updates through February 25, 2026, to refine affected product listings and incorporate Siemens ProductCERT guidance. The advisory has been revised multiple times, with the most recent republication on February 25, 2026, based on Siemens ProductCERT advisory SSA-613116.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500), XCM-/XRM-/XCH-/XRH-300 family devices, or RUGGEDCOM RST2428P industrial Ethernet switches should prioritize assessment. System administrators responsible for industrial control system network security, OT security teams managing critical infrastructure, and organizations with deployed nftables-based firewall policies on affected platforms should review vendor guidance.

Technical summary

The vulnerability exists in the Linux kernel's netfilter nft_set_rbtree implementation, which manages set data structures using red-black trees for nftables. The flaw occurs when synchronous garbage collection is performed on elements that were newly created within the same transaction, potentially leading to use-after-free or memory corruption conditions. The fix modifies the garbage collection logic to identify and skip elements that are new to the current transaction, preventing premature deallocation. This vulnerability affects Siemens industrial networking products utilizing SINEC OS, which incorporates the Linux kernel netfilter subsystem for network packet filtering and NAT functionality.

Defensive priority

medium

Recommended defensive actions

Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific patch availability and version guidance
Apply SINEC OS updates as specified in vendor security advisory for affected SCALANCE and RUGGEDCOM products
Validate netfilter nftables configurations on affected systems to ensure compatibility with patched kernel versions
Monitor CISA ICS advisories for additional guidance on industrial control system security practices
Implement network segmentation for industrial control systems per CISA recommended practices to limit exposure

Evidence notes

The vulnerability description is derived from the Linux kernel commit message indicating resolution of a netfilter nft_set_rbtree garbage collection issue. Siemens ProductCERT advisory SSA-613116 and CISA ICSA-25-226-15 provide the authoritative product impact assessment. The advisory revision history confirms ongoing refinement of affected product scope, with corrections issued February 12, 2026, and February 24-25, 2026.

Official resources

This vulnerability was disclosed through coordinated vendor and government advisory channels. The Linux kernel fix was integrated upstream, and Siemens ProductCERT issued CSAF-formatted advisory SSA-613116, subsequently republished by CISA.