PatchSiren cyber security CVE debrief
CVE-2023-52581 Siemens CVE debrief
CVE-2023-52581 is a memory leak vulnerability in the Linux kernel's netfilter nf_tables subsystem, specifically triggered when more than 255 elements expire simultaneously. The vulnerability was resolved in the Linux kernel with a fix for the memory leak condition. Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The CISA advisory ICSA-25-226-15, published on August 12, 2025, and subsequently updated through February 25, 2026, provides official notification of affected products. Notably, the February 2026 revisions corrected the affected products list and removed unsupported SINEC OS versions from scope, as versions below 3.1 are no longer supported for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family. No CVSS score or severity rating is available in the source corpus. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE X-family managed switches running SINEC OS. System administrators responsible for Linux-based network infrastructure using nftables for packet filtering. OT security teams monitoring industrial control system vulnerabilities. Network engineers managing high-availability industrial networks where memory exhaustion could impact availability.
Technical summary
The vulnerability exists in the Linux kernel's netfilter framework, specifically within the nf_tables subsystem that provides packet filtering and network address translation capabilities. The memory leak occurs when more than 255 elements in a set expire simultaneously, causing allocated memory to not be properly freed. This condition could lead to gradual memory exhaustion on affected systems under specific traffic patterns or configuration states. The fix ensures proper cleanup of expired elements regardless of quantity.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for specific affected product versions and patch availability
- Verify SINEC OS version on affected Siemens devices; ensure running supported version 3.1 or later for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
- Apply kernel updates or vendor-provided patches addressing the nf_tables memory leak
- Monitor system memory utilization on affected devices for signs of resource exhaustion
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
The vulnerability description is sourced from the Linux kernel commit message referenced in the CVE record. Siemens ProductCERT advisory SSA-613116 is the authoritative source for affected product identification. The CISA CSAF advisory ICSA-25-226-15 provides the government advisory context with revision history documenting product scope corrections in February 2026.
Official resources
-
CVE-2023-52581 CVE record
CVE.org
-
CVE-2023-52581 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12