PatchSiren cyber security CVE debrief
CVE-2023-52601 Siemens CVE debrief
CVE-2023-52601 is a vulnerability in the Linux kernel's JFS (Journaled File System) that was resolved with a fix for an array-index-out-of-bounds condition in the dbAdjTree function. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products, specifically the RUGGEDCOM RST2428P and SCALANCE X family devices running SINEC OS. However, the source advisory marks the impact assessment as 'Misinformed,' indicating potential uncertainty or correction regarding the actual impact on these products. The CVE originates from a 2023 Linux kernel fix, suggesting this is a backported or newly disclosed vulnerability in embedded/OT environments rather than a novel discovery. Organizations running affected Siemens industrial networking equipment should verify their SINEC OS version and apply vendor-provided updates as indicated in the Siemens ProductCERT advisory.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those using RUGGEDCOM RST2428P or SCALANCE X family switches and routers in critical infrastructure environments. OT security teams responsible for patch management of SINEC OS-based devices should prioritize verification of this advisory given its 'Misinformed' impact classification and multiple revisions.
Technical summary
CVE-2023-52601 addresses an array-index-out-of-bounds vulnerability in the dbAdjTree function of the Linux kernel's Journaled File System (JFS). The vulnerability was resolved in the upstream Linux kernel. Siemens has disclosed this CVE as affecting industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The CISA advisory marks the impact as 'Misinformed,' indicating potential corrections to earlier impact assessments. The advisory has undergone four revisions, with the most recent on 2026-02-25 reflecting updates based on Siemens ProductCERT guidance. No CVSS score is available in the source data.
Defensive priority
medium
Recommended defensive actions
- Verify SINEC OS version on affected Siemens RUGGEDCOM RST2428P and SCALANCE X family devices
- Review Siemens ProductCERT SSA-613116 for specific patch availability and version guidance
- Apply vendor-provided firmware updates to affected industrial networking equipment
- Monitor CISA ICS advisories for updates to ICSA-25-226-15 as the advisory has undergone multiple revisions
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The source CISA CSAF advisory (ICSA-25-226-15) indicates this CVE was republished on 2026-02-25 based on Siemens ProductCERT SSA-613116. The threat category is marked 'Misinformed' for affected products, suggesting the advisory may have corrected earlier impact assessments. The vulnerability description references a resolved Linux kernel JFS issue from 2023, indicating this is a disclosure of previously fixed kernel code now identified in Siemens OT products.
Official resources
- CVE-2023-52601 CVE record (CVE.org)
- CVE-2023-52601 NVD detail (NVD)
- Source item URL: cisa_csaf