PatchSiren cyber security CVE debrief
CVE-2023-52502 Siemens CVE debrief
A race condition vulnerability exists in the Linux kernel's Near Field Communication (NFC) subsystem, specifically within the `nfc_llcp_sock_get()` and `nfc_llcp_sock_get_sn()` functions. The vulnerability was resolved in the Linux kernel with fixes to address race conditions in these socket lookup functions. Siemens has assessed this CVE as applicable to certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The CISA ICS advisory ICSA-25-226-15, published August 12, 2025, and subsequently updated through February 25, 2026, tracks this vulnerability for affected Siemens industrial control systems. The advisory's threat assessment categorizes the impact as 'Misinformed' for the listed product IDs. Organizations operating affected Siemens industrial networking equipment should consult the vendor's security advisory for specific patch guidance and affected version information.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly RUGGEDCOM and SCALANCE X-family switches running SINEC OS. Security teams responsible for industrial control system (ICS) environments using NFC-capable Linux-based embedded systems. Asset owners in critical infrastructure sectors deploying affected Siemens networking equipment.
Technical summary
The vulnerability involves race conditions in the Linux kernel's NFC (Near Field Communication) Logical Link Control Protocol (LLCP) socket lookup functions `nfc_llcp_sock_get()` and `nfc_llcp_sock_get_sn()`. Race conditions in these functions could potentially lead to use-after-free or null pointer dereference scenarios during socket retrieval operations. The fix implemented in the Linux kernel addresses these synchronization issues. Siemens has identified this vulnerability as affecting industrial networking products utilizing SINEC OS, including RUGGEDCOM RST2428P and multiple SCALANCE X-family product lines. The CISA advisory ICSA-25-226-15, with multiple revisions through February 2026, provides tracking for this vulnerability in the industrial control systems context.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Apply vendor-provided firmware updates for SINEC OS-based devices when available
- Assess NFC subsystem exposure on affected industrial networking equipment
- Monitor CISA ICS advisories for additional guidance on ICSA-25-226-15
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
CVE published 2025-08-12 per CISA CSAF source. Linux kernel fix description indicates race condition in NFC LLCP socket functions. Siemens ProductCERT SSA-613116 and CISA ICSA-25-226-15 provide vendor advisory context. Threat category 'Misinformed' assigned in source CSAF data.
Official resources
-
CVE-2023-52502 CVE record
CVE.org
-
CVE-2023-52502 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12