PatchSiren cyber security CVE debrief
CVE-2023-52595 Siemens CVE debrief
This CVE addresses a vulnerability in the Linux kernel's rt2x00 wireless driver, specifically related to beacon queue handling during hardware reset operations. The vulnerability was resolved by implementing a restart mechanism for the beacon queue when a hardware reset occurs. The issue affects Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA published this advisory on August 12, 2025, with subsequent updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. The vulnerability is classified as 'Misinformed' in terms of impact assessment within the source advisory. No CVSS score or severity rating is available in the provided source data.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial wireless networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE X-family devices (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families) running SINEC OS. System administrators managing Linux-based wireless access points or stations utilizing Ralink/MediaTek rt2x00 chipsets in industrial environments. OT security teams responsible for maintaining availability of wireless industrial control system communications.
Technical summary
The vulnerability exists in the rt2x00 wireless driver subsystem of the Linux kernel. When a hardware reset occurs, the beacon queue—which manages periodic beacon frame transmission essential for WiFi network operation—was not being properly restarted. This could lead to beacon transmission failures following hardware reset events, potentially causing wireless connectivity disruption or access point functionality degradation. The resolution implements explicit beacon queue restart logic triggered by hardware reset conditions. The affected code path involves the interaction between hardware reset handlers and the mac80211 beacon queue management interface in the rt2x00 driver stack.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance
- Verify SINEC OS version and apply vendor-recommended updates
- Monitor CISA ICS advisories for additional guidance on affected SCALANCE and RUGGEDCOM products
- Implement network segmentation for industrial wireless infrastructure per CISA ICS recommended practices
- Assess beacon queue stability in rt2x00-based wireless deployments during planned maintenance windows
Evidence notes
The vulnerability description indicates a kernel-level wireless driver issue where beacon queue state was not properly maintained across hardware reset events. The fix involves restarting the beacon queue when hardware reset occurs. Source advisory ICSA-25-226-15 underwent multiple revisions: initial publication (2025-08-12), product list correction (2026-02-12), removal of rejected CVEs and unsupported version notes (2026-02-24), and final CISA republication based on Siemens ProductCERT SSA-613116 (2026-02-25). The threat assessment categorizes impact as 'Misinformed' for affected product IDs CSAFPID-0001, CSAFPID-0003, and CSAFPID-0004.
Official resources
-
CVE-2023-52595 CVE record
CVE.org
-
CVE-2023-52595 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12