PatchSiren

CVE-2023-52477 Siemens CVE debrief

A vulnerability in the Linux kernel's USB hub driver could allow improper access to uninitialized Binary Object Store (BOS) descriptors. The issue stems from missing guards against accessing BOS descriptors before they are properly initialized during USB device enumeration. This vulnerability affects Siemens industrial networking products running SINEC OS, including RUGGEDCOM RST2428P and SCALANCE switch families. The vulnerability was resolved in the upstream Linux kernel with a patch that adds proper guards against uninitialized BOS descriptor access.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those using RUGGEDCOM and SCALANCE devices in operational technology (OT) environments; system administrators responsible for maintaining firmware on industrial switches and routers; and security teams monitoring industrial control system vulnerabilities, who should track this for patch management prioritization.

Technical summary

This vulnerability exists in the Linux kernel's USB hub driver where BOS (Binary Object Store) descriptors could be accessed before initialization. The BOS descriptor is part of the USB 2.0+ specification that provides extended device capabilities information. Improper access to uninitialized descriptors could lead to undefined behavior or information disclosure. The fix adds guards to prevent access to these descriptors before proper initialization. The vulnerability affects Siemens industrial networking equipment running SINEC OS, which incorporates the Linux kernel. Affected product families include RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, and SCALANCE XCM-/XRM-/XCH-/XRH-300 families.
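The guard pattern described above, as an added user-space C model; it is not the kernel patch and not code from the advisory. The struct and function names are hypothetical, the descriptor bytes are constructed, and the example goes slightly beyond the summary by also bounds-checking the BOS descriptor set while parsing it.

```c
#include <stdint.h>
#include <string.h>

#define DT_BOS        0x0F /* BOS descriptor type */
#define DT_DEVICE_CAP 0x10 /* device capability descriptor type */
#define CAP_USB2_EXT  0x02 /* USB 2.0 Extension capability */
#define USB2_EXT_LPM  0x02 /* bmAttributes bit 1: LPM supported */

/* Hypothetical user-space model; these are not the kernel's structures. */
struct bos_info { uint32_t usb2_ext_attrs; /* 0 if no USB 2.0 Extension cap */ };
struct device { struct bos_info *bos; /* NULL until the BOS has been read */ };

/* Constructed sample: 5-byte BOS header plus one 7-byte USB 2.0 Extension cap. */
static const uint8_t SAMPLE_BOS[] = { 5, DT_BOS, 12, 0, 1,
                                      7, DT_DEVICE_CAP, CAP_USB2_EXT, 0x02, 0, 0, 0 };

/* Parse a raw BOS descriptor set. Returns 0 on success, -1 if malformed. */
int parse_bos(const uint8_t *buf, size_t len, struct bos_info *out)
{
    memset(out, 0, sizeof(*out));
    if (len < 5 || buf[0] < 5 || buf[1] != DT_BOS) return -1;
    size_t total = (size_t)buf[2] | ((size_t)buf[3] << 8); /* wTotalLength, LE */
    if (total < buf[0] || total > len) return -1;
    size_t off = buf[0];
    for (unsigned i = 0; i < buf[4]; i++) {                /* bNumDeviceCaps */
        if (total - off < 3 || buf[off] < 3 || buf[off] > total - off) return -1;
        const uint8_t *c = buf + off;
        if (c[1] == DT_DEVICE_CAP && c[2] == CAP_USB2_EXT && c[0] >= 7)
            out->usb2_ext_attrs = c[3] | (c[4] << 8) | (c[5] << 16) | ((uint32_t)c[6] << 24);
        off += c[0];
    }
    return 0;
}

/* Guarded accessor: a device whose BOS was never read reports no capability. */
int device_supports_lpm(const struct device *dev)
{
    if (!dev || !dev->bos) return 0; /* the guard: never dereference an unset BOS */
    return (dev->bos->usb2_ext_attrs & USB2_EXT_LPM) != 0;
}

int main(void)
{
    struct bos_info b;
    struct device d = { NULL };
    int before = device_supports_lpm(&d); /* 0: BOS not read yet */
    if (parse_bos(SAMPLE_BOS, sizeof(SAMPLE_BOS), &b) == 0) d.bos = &b;
    return !(before == 0 && device_supports_lpm(&d) == 1);
}
```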

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance
  • Apply vendor-provided firmware updates for affected SCALANCE and RUGGEDCOM devices
  • Verify SINEC OS versions are updated to supported releases (3.1 or later for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family)
  • Monitor CISA ICS advisories for additional guidance on industrial control system security
  • Implement network segmentation for industrial control systems to limit exposure of affected devices
  • Follow CISA recommended practices for ICS defense in depth strategies

Evidence notes

The vulnerability description indicates this was resolved in the Linux kernel with a fix for USB hub BOS descriptor handling. The CISA CSAF advisory ICSA-25-226-15, republished on 2026-02-25, covers this CVE as part of Siemens ProductCERT advisory SSA-613116. The advisory's threat assessment categorizes impact as 'Misinformed' for affected product IDs. No CVSS score is provided in the source data. The advisory underwent multiple revisions, with the most recent on 2026-02-25 updating based on Siemens ProductCERT SSA-613116.
