PatchSiren cyber security CVE debrief
CVE-2023-52478 Siemens CVE debrief
A vulnerability in the Linux kernel's HID Logitech HID++ driver could cause a kernel crash when a Logitech receiver is disconnected via USB. The issue stems from improper handling of USB disconnect events in the hid-logitech-hidpp driver, potentially leading to a use-after-free or null pointer dereference condition. Siemens has assessed this vulnerability as affecting certain industrial networking products that incorporate the vulnerable Linux kernel component, specifically the RUGGEDCOM RST2428P and SCALANCE X family devices running SINEC OS. The vulnerability was originally resolved in the upstream Linux kernel, and Siemens has incorporated this fix into affected product lines. The CISA advisory ICSA-25-226-15, republished on 2026-02-25, provides authoritative guidance based on Siemens ProductCERT advisory SSA-613116. No known exploitation in the wild has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and XCM-/XRM-/XCH-/XRH-300 family devices in industrial control system environments. System administrators responsible for Linux-based embedded systems using Logitech HID++ devices. Security teams monitoring for local denial-of-service vectors in critical infrastructure environments where physical access controls may be a concern.
Technical summary
The vulnerability exists in the Linux kernel's HID Logitech HID++ driver (drivers/hid/hid-logitech-hidpp.c), which handles communication with Logitech's HID++ protocol devices. When a Logitech USB receiver is physically disconnected, improper cleanup of driver state can trigger a kernel crash. This represents a local denial-of-service condition requiring physical access to the system. The fix involves proper synchronization and cleanup of driver resources during USB disconnect handling. Siemens industrial networking products incorporating this kernel component are affected, with remediation available through vendor firmware updates.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for specific affected product versions and patch availability
- Apply vendor-provided firmware updates for RUGGEDCOM RST2428P and SCALANCE X family devices as indicated in Siemens security advisory
- For systems where patching is not immediately feasible, restrict physical access to USB ports to prevent unauthorized Logitech receiver connections and disconnections
- Monitor system logs for unexpected kernel panics or crashes that may indicate exploitation attempts
- Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control system environments
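One way to act on the log-monitoring recommendation above, as an added example that is not part of the advisory or of Siemens or kernel code: it correlates a USB disconnect message with a kernel fault banner logged shortly afterwards. It assumes dmesg-style timestamps and a 5-second window; the fault banners are generic kernel messages, not signatures specific to this CVE, and the sample log is constructed.

```python
import re

# Kernel log line: "[  123.456789] message" (dmesg-style monotonic timestamp).
LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
# Printed by the USB core when a device is unplugged.
DISCONNECT = re.compile(r"usb (\S+): USB disconnect, device number (\d+)")
# Generic kernel fault banners; none is specific to this CVE.
FAULT = re.compile(
    r"BUG: kernel NULL pointer dereference"
    r"|BUG: KASAN: (?:slab-)?use-after-free"
    r"|general protection fault"
    r"|Kernel panic - not syncing"
    r"|Oops:"
)
WINDOW_SECONDS = 5.0  # assumed correlation window, tune per site

def correlate(lines, window=WINDOW_SECONDS):
    """Return (disconnect_ts, usb_port, fault_ts, fault_msg) tuples for faults
    logged within `window` seconds after a USB disconnect."""
    hits = []
    last = None  # most recent disconnect: (timestamp, port)
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines without a dmesg timestamp
        ts, msg = float(m.group(1)), m.group(2)
        d = DISCONNECT.search(msg)
        if d:
            last = (ts, d.group(1))
            continue
        if last and FAULT.search(msg) and 0 <= ts - last[0] <= window:
            hits.append((last[0], last[1], ts, msg))
            last = None  # one alert per disconnect; ignore follow-on oops lines
    return hits

# Constructed sample log, not captured from a real device.
SAMPLE = """\
[  100.100000] usb 1-1.2: USB disconnect, device number 4
[  100.900000] usb 1-1.2: new full-speed USB device number 5 using xhci_hcd
[  250.000000] usb 1-1.2: USB disconnect, device number 5
[  250.012000] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  250.012500] Oops: 0000 [#1] SMP PTI
[  900.000000] general protection fault, probably for non-canonical address
""".splitlines()

if __name__ == "__main__":
    for dts, port, fts, msg in correlate(SAMPLE):
        print(f"usb {port} unplugged at {dts:.3f}s, fault {fts - dts:.3f}s later: {msg}")
```

A hit only shows that a fault followed an unplug event; the call trace in the full log is still needed to tell whether the HID++ driver was involved.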
Evidence notes
The vulnerability description indicates a kernel crash on USB disconnect of Logitech receivers, resolved in the Linux kernel HID: logitech-hidpp driver. Siemens ProductCERT advisory SSA-613116 is the authoritative source for affected product identification. CISA advisory ICSA-25-226-15 was initially published 2025-08-12 and republished 2026-02-25 with corrections to affected products list. The threat assessment in the source marks impact as 'Misinformed' for affected product IDs CSAFPID-0001, CSAFPID-0004, and CSAFPID-0003. No CVSS score is provided in the source corpus.
Official resources
- CVE-2023-52478 CVE record (CVE.org)
- CVE-2023-52478 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12