PatchSiren

CVE-2023-52619 Siemens CVE debrief

A vulnerability in the Linux kernel's pstore/ram subsystem could cause system crashes when the number of CPUs is configured to an odd number. The issue has been resolved in the kernel. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA published advisory ICSA-25-226-15 on August 12, 2025, with subsequent updates through February 25, 2026, to refine affected product listings and incorporate Siemens ProductCERT guidance. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens SCALANCE X-family switches, RUGGEDCOM RST2428P devices, or other SINEC OS-based industrial networking equipment should prioritize assessment. OT security teams managing critical infrastructure networks, manufacturing environments, and utility control systems using these products need to evaluate exposure and coordinate patching with operational requirements.

Technical summary

The vulnerability exists in the Linux kernel's persistent storage (pstore) RAM backend. When the system is configured with an odd number of CPUs, the pstore/ram implementation can trigger a crash condition. This represents a denial-of-service vector that could impact system availability. The fix involves correcting the CPU count handling logic in the pstore/ram subsystem. Siemens industrial networking products utilizing affected kernel versions in SINEC OS are impacted, with specific product families identified in vendor advisories.

Defensive priority

Medium

Recommended defensive actions

  • Review Siemens ProductCERT SSA-613116 for detailed product-specific patch guidance
  • Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices
  • Apply vendor-provided firmware updates to address the underlying kernel vulnerability
  • For systems where immediate patching is not feasible, assess CPU configuration as a potential temporary mitigation factor
  • Monitor CISA ICS advisories for additional guidance on industrial control system protections

Evidence notes

The CVE description indicates a kernel-level crash condition tied to CPU count configuration. Siemens ProductCERT SSA-613116 and CISA ICSA-25-226-15 identify the affected industrial control system products. The source advisory revision history shows iterative corrections to product scope between February 12 and 25, 2026.
