CVE-2023-52623 Siemens CVE debrief

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those using RUGGEDCOM RST2428P or SCALANCE X-family switches with SINEC OS. OT security teams managing critical infrastructure networks, manufacturing environments, and utility substations where these devices are commonly deployed.

Technical summary

The vulnerability involves improper RCU (Read-Copy-Update) usage in the Linux kernel's SUNRPC (Sun Remote Procedure Call) subsystem, which is used for NFS and other network filesystem operations. RCU is a synchronization mechanism that allows read-heavy workloads to proceed without locking. Suspicious RCU usage warnings typically indicate potential race conditions or use-after-free scenarios that could lead to system instability or memory corruption. The fix was committed to the Linux kernel upstream. Siemens SINEC OS, which is based on Linux, incorporated this fix. The affected products include RUGGEDCOM RST2428P switches and multiple SCALANCE X-family industrial Ethernet switches (XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families).

Defensive priority

medium

Recommended defensive actions

• Review Siemens ProductCERT advisory SSA-613116 for detailed product impact and patch information
• Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices
• Apply vendor-provided firmware updates for SINEC OS 3.1 and later versions
• Follow CISA ICS recommended practices for defense-in-depth strategies
• Monitor CISA ICS advisories for additional updates to ICSA-25-226-15

Evidence notes

CVE published 2025-08-12; modified 2026-02-25. Source advisory ICSA-25-226-15 from CISA CSAF. Siemens ProductCERT advisory SSA-613116 is the canonical source. Advisory underwent four revisions, with significant updates on 2026-02-12 (product list corrections), 2026-02-24 (removed rejected CVEs), and 2026-02-25 (CISA republication).

Official resources