PatchSiren cyber security CVE debrief
CVE-2023-52597 Siemens CVE debrief
A vulnerability in the Linux kernel's KVM s390 implementation related to incorrect setting of the Floating-Point Control (FPC) register has been identified in Siemens industrial networking products. The FPC register controls floating-point operations and exception handling on IBM Z (s390x) architecture. Improper handling of this register in a virtualized environment could lead to information disclosure or denial of service conditions for guest virtual machines. The vulnerability was resolved in the upstream Linux kernel. Siemens has assessed this vulnerability as having no security impact (misinformed) for the affected RUGGEDCOM RST2428P and SCALANCE product families, indicating that the vulnerable code path is not exploitable in their specific product configurations or the issue does not affect security posture.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Operators of Siemens RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family industrial Ethernet switches; security teams maintaining OT/ICS environments with virtualized s390 workloads; Linux kernel maintainers for s390 KVM subsystem
Technical summary
The vulnerability exists in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem for IBM Z (s390x) architecture, specifically in the handling of the Floating-Point Control (FPC) register. The FPC register manages floating-point rounding modes, exception masks, and flags. In virtualized environments, improper isolation or setting of this register could allow guest VMs to observe stale state or trigger unexpected floating-point exceptions. The fix ensures proper initialization and context switching of the FPC register during VM operations. Siemens products incorporating this kernel component have been assessed as not vulnerable to security exploitation of this issue.
Defensive priority
low
Recommended defensive actions
- Verify current firmware version on affected Siemens RUGGEDCOM RST2428P and SCALANCE devices
- Review Siemens ProductCERT advisory SSA-613116 for any subsequent reassessment of impact
- Apply standard ICS security hardening practices per CISA recommended practices
- Monitor for future Siemens security advisories that may revise impact assessment
Evidence notes
The source advisory (ICSA-25-226-15) explicitly categorizes the impact of this CVE as 'Misinformed' for all affected product IDs (CSAFPID-0001, CSAFPID-0003, CSAFPID-0004), indicating Siemens ProductCERT determined the vulnerability does not pose a security risk to these products despite the underlying Linux kernel issue. The CVE was originally published 2025-08-12 and modified 2026-02-25 with republication based on Siemens SSA-613116.
Official resources
-
CVE-2023-52597 CVE record
CVE.org
-
CVE-2023-52597 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12