PatchSiren cyber security CVE debrief
CVE-2023-52602 Siemens CVE debrief
A slab-out-of-bounds read vulnerability in the Journaled File System (JFS) dtSearch function of the Linux kernel, affecting Siemens industrial network infrastructure products. The vulnerability was resolved in the upstream Linux kernel. CISA and Siemens published coordinated advisories on August 12, 2025, with subsequent updates through February 25, 2026, to refine affected product listings and remove rejected CVEs. No known exploitation in ransomware campaigns has been documented.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens SCALANCE and RUGGEDCOM industrial Ethernet switches in manufacturing, energy, transportation, and critical infrastructure environments. Security teams responsible for OT/ICS asset management and patch coordination should prioritize vendor advisory monitoring given the multi-revision disclosure timeline.
Technical summary
CVE-2023-52602 is a slab-out-of-bounds read vulnerability in the dtSearch function of the Journaled File System (JFS) in the Linux kernel. JFS is a 64-bit journaling filesystem developed by IBM and integrated into Linux. The dtSearch function handles directory tree searches, and the out-of-bounds read indicates insufficient bounds checking when processing JFS directory structures, potentially leading to information disclosure or system instability. The vulnerability was resolved in upstream Linux kernel development. Siemens identified this vulnerability as affecting certain industrial network infrastructure products running Linux-based firmware, specifically the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and RUGGEDCOM RST2428P switches. The advisory underwent substantial revision post-publication to correct product impact assessments, indicating initial analysis challenges in determining precise affected versions.
Defensive priority
medium
Recommended defensive actions
- Review Siemens SSA-613116 security advisory for current affected product status and patch availability
- Verify Linux kernel version in affected Siemens SCALANCE and RUGGEDCOM devices against vendor-provided fixed versions
- Apply vendor-supplied firmware updates for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and RUGGEDCOM RST2428P as available
- Monitor CISA ICS advisories for additional guidance on industrial control system protections
- Implement network segmentation for industrial control systems per CISA recommended practices to limit exposure of affected devices
Evidence notes
The vulnerability description indicates a slab-out-of-bounds read in the JFS dtSearch function, a memory safety issue in the Linux kernel's Journaled File System implementation. The source advisory (ICSA-25-226-15) underwent three revisions after initial publication: February 12, 2026 (corrected affected products list), February 24, 2026 (removed unsupported version references and rejected CVEs), and February 25, 2026 (CISA republication based on Siemens SSA-613116). The threat assessment in the source marks impact as 'Misinformed' for the product IDs listed, suggesting potential analysis complexity or information quality considerations in initial assessments.
Official resources
-
CVE-2023-52602 CVE record
CVE.org
-
CVE-2023-52602 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Coordinated disclosure via CISA ICS advisory and Siemens ProductCERT