PatchSiren

CVE-2023-52435 Siemens CVE debrief

A vulnerability in the Linux kernel's networking stack, specifically in the skb_segment() function, could allow an MSS (Maximum Segment Size) overflow condition. The vulnerability has been resolved in the Linux kernel. Siemens has identified this CVE as affecting certain industrial networking products including the RUGGEDCOM RST2428P and SCALANCE families, though the CISA CSAF advisory marks the impact assessment as 'Misinformed' for the affected product IDs. The vulnerability was published on August 12, 2025, with subsequent modifications through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. Organizations should consult the Siemens ProductCERT advisory SSA-613116 for specific patch and mitigation guidance for affected industrial control systems.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking equipment, particularly in critical infrastructure environments. System administrators managing RUGGEDCOM and SCALANCE product lines. OT security teams responsible for patch management in industrial control system environments.

Technical summary

The vulnerability exists in the Linux kernel's skb_segment() function, which handles TCP segmentation. An MSS overflow condition could potentially lead to memory corruption or denial of service. The fix prevents this overflow during segment processing. This kernel-level vulnerability affects Siemens industrial networking products that utilize the vulnerable kernel code, including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The CISA advisory notes the impact assessment as 'Misinformed,' suggesting potential discrepancies in initial severity or scope assessment that were addressed in subsequent revisions.
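The overflow condition described above, as an added user-space model (not kernel source and not code from Siemens or this page). It assumes the upstream kernel fix's approach: the scaled MSS must never reach the kernel's reserved GSO_BY_FRAGS value (0xFFFF), so the length is clamped before the multiplication. Function names and the sample length are constructed for illustration.

```c
#include <stdio.h>

/* Reserved sentinel: an mss equal to this value has a special meaning in the kernel. */
#define GSO_BY_FRAGS 0xFFFFu

/* Pre-fix arithmetic: scale mss to cover every whole segment that fits in len. */
static unsigned int scaled_mss_unpatched(unsigned int len, unsigned int mss)
{
    unsigned int partial_segs = len / mss;
    return partial_segs > 1 ? mss * partial_segs : mss;
}

/* Post-fix arithmetic: clamp len first so the product stays below the sentinel. */
static unsigned int scaled_mss_patched(unsigned int len, unsigned int mss)
{
    unsigned int capped = len < GSO_BY_FRAGS - 1u ? len : GSO_BY_FRAGS - 1u;
    unsigned int partial_segs = capped / mss;
    return partial_segs > 1 ? mss * partial_segs : mss;
}

/* Count mss values in [1, max_mss] whose scaled result collides with the sentinel. */
static unsigned int count_collisions(unsigned int len, unsigned int max_mss, int patched)
{
    unsigned int hits = 0;
    for (unsigned int mss = 1; mss <= max_mss; mss++) {
        unsigned int r = patched ? scaled_mss_patched(len, mss)
                                 : scaled_mss_unpatched(len, mss);
        if (r == GSO_BY_FRAGS)
            hits++;
    }
    return hits;
}

int main(void)
{
    unsigned int len = 65535; /* constructed sample length, not taken from the advisory */
    printf("unpatched collisions: %u\n", count_collisions(len, 1500, 0));
    printf("patched collisions:   %u\n", count_collisions(len, 1500, 1));
    return 0;
}
```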

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-613116 for affected product versions and available patches
  • Apply kernel updates or vendor-provided firmware patches for affected Siemens industrial networking equipment
  • Monitor network traffic for anomalous segmentation behavior on affected systems
  • Implement network segmentation for industrial control systems per CISA recommended practices
  • Validate MSS settings in network configurations to reduce attack surface

Evidence notes

CVE published 2025-08-12; modified 2026-02-25. Source CISA CSAF ICSA-25-226-15, based on Siemens ProductCERT SSA-613116. Impact marked 'Misinformed' in source threats data for product IDs CSAFPID-0001, CSAFPID-0003, CSAFPID-0004. Revision history shows corrections to affected products on 2026-02-12 and 2026-02-24.
