PatchSiren cyber security CVE debrief
CVE-2023-52617 Siemens CVE debrief
A vulnerability in the Linux kernel's PCI switchtec driver could cause a crash during device release after surprise hot removal. The issue was resolved by fixing the stdev_release() function to properly handle cleanup when a device is unexpectedly removed. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability stems from improper handling of device state during hot removal operations in the PCI switchtec driver.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE X-family managed switches running SINEC OS. System administrators responsible for PCI Express hot-plug capable systems using Microchip Switchtec PCIe switches. Industrial control system operators following CISA guidance for critical infrastructure protection.
Technical summary
The vulnerability exists in the PCI switchtec driver within the Linux kernel. When a switchtec PCI device undergoes surprise hot removal (unexpected physical removal while the system is running), the stdev_release() function may crash due to improper cleanup handling. This is a use-after-free or null pointer dereference scenario during the device release path. The fix ensures proper synchronization and state validation before accessing device resources during release. Affected Siemens products utilize this kernel driver in their SINEC OS-based industrial networking equipment.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Apply vendor-provided firmware updates for SINEC OS on affected SCALANCE and RUGGEDCOM devices
- Implement physical access controls to prevent unauthorized hot removal of PCI devices
- Monitor system logs for unexpected PCI device removal events and subsequent crashes
- Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
Evidence notes
The vulnerability description indicates a crash in stdev_release() following surprise hot remove of PCI switchtec devices. The source advisory (ICSA-25-226-15) from CISA, based on Siemens ProductCERT SSA-613116, lists affected products including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The advisory was initially published 2025-08-12 and most recently updated 2026-02-25 to reflect corrections to affected products list and removal of rejected CVEs.
Official resources
-
CVE-2023-52617 CVE record
CVE.org
-
CVE-2023-52617 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12