PatchSiren cyber security CVE debrief
CVE-2023-52510 Siemens CVE debrief
A use-after-free (UAF) vulnerability in the Linux kernel's ieee802154 ca8210 driver was resolved via a kernel patch. The flaw existed in the ca8210_probe function and could potentially allow memory corruption. Siemens has assessed this CVE as 'Misinformed' for its affected industrial networking products, indicating the vulnerability does not apply to these systems as initially reported. The CVE was published on 2025-08-12 and last modified on 2026-02-25. No CVSS score or severity is available. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment, including RUGGEDCOM RST2428P and SCALANCE switch families running SINEC OS, should review this advisory to confirm their exposure assessment. Security teams in OT/ICS environments should monitor vendor advisories for any change in impact assessment.
Technical summary
CVE-2023-52510 describes a use-after-free vulnerability in the ca8210_probe function of the Linux kernel's ieee802154 (IEEE 802.15.4 low-rate wireless personal area network) driver. The vulnerability was resolved in the upstream Linux kernel. Siemens has assessed this CVE as 'Misinformed' for its affected product lines, indicating that the vulnerability does not actually affect these products as initially believed. The affected products include industrial Ethernet switches running SINEC OS. No CVSS score has been assigned. The vulnerability is not known to be exploited in the wild.
Defensive priority
low
Recommended defensive actions
- Verify that affected Siemens industrial networking products (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family) are running supported SINEC OS versions 3.1
- Review Siemens ProductCERT advisory SSA-613116 for product-specific guidance
- Apply vendor-provided patches or updates when available per vendor security advisory
- Monitor CISA ICS advisories for additional updates to ICSA-25-226-15
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The source CISA CSAF advisory ICSA-25-226-15 explicitly categorizes the threat impact for this CVE as 'Misinformed' for all listed Siemens product IDs (CSAFPID-0001, CSAFPID-0003, CSAFPID-0004). The CVE description indicates a UAF fix in ca8210_probe. No CVSS vector is provided in the source. The CVE is not marked as KEV.
Official resources
- CVE-2023-52510 CVE record (CVE.org)
- CVE-2023-52510 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
The vulnerability was disclosed through coordinated vulnerability disclosure channels. The Linux kernel fix was integrated upstream. Siemens ProductCERT published advisory SSA-613116, subsequently republished by CISA as ICSA-25-226-15 on 12