PatchSiren cyber security CVE debrief
CVE-2023-52587 Siemens CVE debrief
CVE-2023-52587 is a vulnerability in the Linux kernel's IP over InfiniBand (IPoIB) driver caused by improper locking of the driver's multicast list; the upstream fix corrects the mcast list locking. The source advisory records the impact for the affected Siemens products as 'Misinformed', a label the source does not define; it may mean that the vulnerability's applicability or severity was initially mischaracterized, but the advisory does not say so explicitly. The affected Siemens industrial networking products are the RUGGEDCOM RST2428P and the SCALANCE switch families running SINEC OS. The advisory was first published on August 12, 2025 and was revised several times through February 25, 2026, including corrections to the affected-product list and the removal of rejected CVEs. No CVSS score is given in the source material, and the CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those deploying SCALANCE switches or RUGGEDCOM devices in critical infrastructure environments, should track this advisory. Security teams responsible for OT/ICS asset management and patch coordination should monitor it for updated guidance on affected products and fixed versions.
Technical summary
The vulnerability is in the IP over InfiniBand (IPoIB) driver of the Linux kernel (the ib_ipoib driver under drivers/infiniband/ulp/ipoib), in the locking that protects the driver's multicast list. One code path walks the list while another can remove entries from it, and a gap in the locking lets the two run concurrently; the result is a race condition on the multicast group list, which the upstream fix closes by correcting the mcast list locking. For triage, note that the affected code is only reachable on a system where the ib_ipoib driver is loaded; on any Linux host where you have a shell, the loaded-module list settles that question. Siemens industrial networking products running SINEC OS on an affected kernel are listed as impacted: the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, the SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and the RUGGEDCOM RST2428P. The source advisory records the impact as 'Misinformed' without defining the term, which suggests the initial assessment may have been incorrect. No CVSS score is available in the source materials.
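The race described above, as an added illustration of the bug class (this is example code, not the kernel's ipoib implementation and not anything from the Siemens advisory): a list walker drops the lock while it still holds a pointer to the current element, and a flush that runs inside that window unlinks and frees the element. The struct and function names, the single-threaded toy lock, and the "graveyard" that makes a stale access countable instead of crashing are all assumptions of this example. The hardened variant shows one generic repair (snapshot the keys under the lock, re-look-up each entry before touching it), not the specific upstream patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model of a driver-owned multicast list. Illustrative code only, not the
 * kernel's ipoib implementation; the names merely mirror the pattern. */
struct mcast { struct mcast *next; unsigned id; int joined; int freed; };
struct dev {
    int locked;               /* toy lock guarding 'list' (single-threaded model) */
    struct mcast *list;
    struct mcast *graveyard;  /* "freed" entries, kept only so misuse is detectable */
};
static void lock(struct dev *d)   { if (d->locked) abort(); d->locked = 1; }
static void unlock(struct dev *d) { if (!d->locked) abort(); d->locked = 0; }

struct dev *dev_new(unsigned n)          /* fresh list holding ids 1..n */
{
    struct dev *d = calloc(1, sizeof *d);
    for (unsigned i = n; i > 0; i--) {
        struct mcast *m = calloc(1, sizeof *m);
        m->id = i; m->next = d->list; d->list = m;
    }
    return d;
}

void dev_free(struct dev *d)
{
    for (struct mcast *m = d->list, *n; m; m = n) { n = m->next; free(m); }
    for (struct mcast *m = d->graveyard, *n; m; m = n) { n = m->next; free(m); }
    free(d);
}

/* Analogue of the flush path: unlink and "free" every entry under the lock. */
void mcast_flush(struct dev *d)
{
    lock(d);
    while (d->list) {
        struct mcast *m = d->list;
        d->list = m->next;
        m->freed = 1; m->next = d->graveyard; d->graveyard = m;
    }
    unlock(d);
}

/* Joining is slow, so the lock is dropped meanwhile; 'window' models what another
 * CPU does during that unlocked window (NULL = nothing interferes). */
typedef void (*window_fn)(struct dev *);

/* BUGGY: a raw element pointer survives the unlocked window. Returns how many freed
 * entries were touched afterwards (a real kernel would use-after-free here). */
int join_task_unsafe(struct dev *d, window_fn window)
{
    int stale = 0;
    lock(d);
    for (struct mcast *m = d->list; m; m = m->next) {
        unlock(d);
        if (window) window(d);   /* flush may unlink and free m right here */
        lock(d);
        if (m->freed) stale++;   /* and m->next is now garbage as well */
        else m->joined = 1;
    }
    unlock(d);
    return stale;
}

static struct mcast *mcast_find(struct dev *d, unsigned id)
{
    for (struct mcast *m = d->list; m; m = m->next) if (m->id == id) return m;
    return NULL;
}

/* HARDENED: snapshot the keys under the lock, do the slow part holding no element
 * pointer, and re-find each entry before touching it. Returns entries joined. */
int join_task_safe(struct dev *d, window_fn window)
{
    lock(d);
    unsigned n = 0, i = 0;
    for (struct mcast *m = d->list; m; m = m->next) n++;
    unsigned *ids = n ? malloc(n * sizeof *ids) : NULL;
    for (struct mcast *m = d->list; m; m = m->next) ids[i++] = m->id;
    unlock(d);
    int joined = 0;
    for (i = 0; i < n; i++) {
        if (window) window(d);                   /* a flush here invalidates nothing we hold */
        lock(d);
        struct mcast *m = mcast_find(d, ids[i]); /* NULL if flushed meanwhile */
        if (m) { m->joined = 1; joined++; }
        unlock(d);
    }
    free(ids);
    return joined;
}

/* Run one task against a fresh n-entry list, optionally racing a flush into the window. */
int demo(int hardened, unsigned n, int race)
{
    struct dev *d = dev_new(n);
    window_fn w = race ? mcast_flush : NULL;
    int r = hardened ? join_task_safe(d, w) : join_task_unsafe(d, w);
    dev_free(d);
    return r;
}

int main(void)
{
    printf("unsafe: %d stale touches without race, %d with flush in window\n", demo(0, 3, 0), demo(0, 3, 1));
    printf("safe:   %d joined without race, %d with flush in window\n", demo(1, 3, 0), demo(1, 3, 1));
    return 0;
}
```

The buggy walker reports a stale touch as soon as a flush lands in its window; in the real driver that touch is a read of freed memory, and the next-pointer it then follows is garbage. The hardened walker never holds an element pointer while the lock is dropped, so a concurrent flush simply makes the re-look-up fail and the entry is skipped.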
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for current affected product status and patch availability
- Verify the SINEC OS version on affected SCALANCE and RUGGEDCOM devices and deploy V3.1 or later; the advisory treats earlier versions as unsupported
- Apply vendor-provided firmware updates when available per Siemens security advisory guidance
- Monitor CISA ICS advisories for updates to ICSA-25-226-15
- Implement network segmentation for industrial control systems per CISA recommended practices
- Follow defense-in-depth strategies for industrial control system environments
Evidence notes
The source advisory (ICSA-25-226-15) from CISA's CSAF repository indicates this CVE was included in a Siemens ProductCERT advisory (SSA-613116). The threat assessment in the source marks impact as 'Misinformed' for all affected product IDs. The revision history shows the advisory was updated multiple times between August 2025 and February 2026 to correct product listings and remove rejected CVEs. The vulnerability description indicates a fix was implemented in the Linux kernel for IPoIB multicast list locking.
Official resources
- CVE-2023-52587 CVE record (CVE.org)
- CVE-2023-52587 NVD detail (NVD)
- Source item: CISA CSAF repository (cisa_csaf)
2025-08-12