PatchSiren cyber security CVE debrief
CVE-2023-52637 Siemens CVE debrief
A use-after-free (UAF) vulnerability exists in the Linux kernel's J1939 Controller Area Network (CAN) protocol implementation. The flaw occurs in the j1939_sk_match_filter function during setsockopt(SO_J1939_FILTER) operations, where improper memory handling can lead to a UAF condition. This vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel components. The issue was resolved in the upstream Linux kernel. Siemens has assessed this vulnerability as 'Misinformed' for the affected product lines, indicating the reported impact does not apply to their specific implementation or configuration.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P industrial networking equipment, particularly in the transportation, energy, or manufacturing sectors where J1939 CAN protocols are in use. Security teams responsible for OT/ICS infrastructure should monitor this advisory for any change to the vendor's impact assessment.
Technical summary
The vulnerability exists in the Linux kernel's J1939 protocol implementation, specifically in the j1939_sk_match_filter function. When setsockopt(SO_J1939_FILTER) is called, improper synchronization or memory management can result in a use-after-free condition. J1939 is a higher-layer protocol built on CAN (Controller Area Network) and is commonly used in heavy-duty vehicles and industrial applications. If exploited, the UAF could allow privilege escalation or denial of service. Siemens has determined that the reported vulnerability impact is 'Misinformed' for its affected products, indicating that the vulnerability either does not affect its specific implementation or has been mitigated through configuration or other controls.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance
- Verify current firmware version on affected RUGGEDCOM RST2428P devices
- Apply vendor-provided security updates when available
- Monitor network traffic for anomalous J1939 CAN protocol activity
- Implement network segmentation for industrial control systems
- Follow CISA ICS recommended practices for defense-in-depth strategies
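The monitoring item above is easier to act on with a decoder for the 29-bit J1939 identifier, since the source address and PGN are what distinguish an expected ECU from an unexpected node. The following is an added example, not code from Siemens, CISA or the advisory: it splits candump-style log lines into J1939 fields and flags frames whose source address is not in a site allowlist, plus address-claim frames from known nodes (a sign of a node restart or address contention). The allowlist and the log lines are constructed for illustration; the field layout (priority, EDP, DP, PF, PS, SA) and the PGN numbers for Request and Address Claimed follow the J1939 standard.

```python
"""Decode J1939 CAN identifiers from candump-style lines and flag frames
from unexpected source addresses.  Added example; allowlist and log lines
are constructed, not captured from any real device."""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Hypothetical site allowlist of ECU source addresses expected on this bus.
KNOWN_SOURCE_ADDRESSES = {0x00, 0x03, 0x17}

PGN_ADDRESS_CLAIMED = 60928  # 0xEE00, J1939 Address Claimed PGN

# Constructed candump-style sample (default candump output format).
SAMPLE_LOG = """\
can0  0CF00400   [8]  F0 7D 80 00 00 00 00 00
can0  18FEF100   [8]  00 00 00 00 00 00 00 00
can0  18EA0017   [3]  00 EE 00
can0  18EEFF2A   [8]  00 00 00 00 00 00 00 00
can0  18FEF12A   [8]  00 00 00 00 00 00 00 00
can0  18EEFF03   [8]  00 00 00 00 00 00 00 00
can0  123        [2]  01 02
"""


@dataclass(frozen=True)
class J1939Id:
    priority: int
    pgn: int
    destination: Optional[int]  # set only for PDU1 (destination-specific) frames
    source: int


def decode_j1939_id(can_id: int) -> J1939Id:
    """Split a 29-bit extended CAN identifier into its J1939 fields."""
    if not 0 <= can_id <= 0x1FFFFFFF:
        raise ValueError("not a 29-bit CAN identifier")
    priority = (can_id >> 26) & 0x7
    edp = (can_id >> 25) & 0x1   # extended data page bit
    dp = (can_id >> 24) & 0x1    # data page bit
    pf = (can_id >> 16) & 0xFF   # PDU format
    ps = (can_id >> 8) & 0xFF    # PDU specific
    sa = can_id & 0xFF           # source address
    if pf < 240:
        # PDU1: PS is a destination address and does not belong to the PGN.
        return J1939Id(priority, (edp << 17) | (dp << 16) | (pf << 8), ps, sa)
    # PDU2: PS is a group extension and is part of the PGN.
    return J1939Id(priority, (edp << 17) | (dp << 16) | (pf << 8) | ps, None, sa)


def parse_candump_line(line: str) -> Tuple[str, int, bool, bytes]:
    """Parse '<iface>  <hex id>  [<dlc>]  <hex bytes>' as printed by candump.

    candump prints extended (29-bit) identifiers with eight hex digits and
    standard (11-bit) identifiers with three, so the token length tells
    them apart.
    """
    parts = line.split()
    iface, id_text = parts[0], parts[1]
    payload = bytes(int(b, 16) for b in parts[3:])  # parts[2] is "[dlc]"
    return iface, int(id_text, 16), len(id_text) == 8, payload


def audit_frames(lines: Iterable[str],
                 known=KNOWN_SOURCE_ADDRESSES) -> List[Tuple[int, int, str]]:
    """Return (source_address, pgn, reason) for each frame worth a look."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        _iface, can_id, extended, _payload = parse_candump_line(line)
        if not extended:
            continue  # 11-bit frames are not J1939; ignore them here
        j = decode_j1939_id(can_id)
        if j.source not in known:
            findings.append((j.source, j.pgn, "unknown source address"))
        elif j.pgn == PGN_ADDRESS_CLAIMED:
            # A known node re-claiming its address mid-operation usually
            # means it restarted or another node contested the address.
            findings.append((j.source, j.pgn, "address claim from known node"))
    return findings


if __name__ == "__main__":
    for sa, pgn, reason in audit_frames(SAMPLE_LOG.splitlines()):
        print(f"SA 0x{sa:02X} PGN {pgn}: {reason}")
```

On the sample, the two frames from source address 0x2A (an address claim and a PDU2 broadcast) and the address re-claim from known node 0x03 are reported; the 11-bit frame is skipped because it is not J1939. In practice the allowlist would be built from a baseline capture of the bus during normal operation, and PDU1 frames addressed to a specific node could be checked against the same list.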
Evidence notes
The vulnerability description indicates a UAF in the Linux kernel's J1939 CAN protocol stack during socket option configuration. The source advisory (ICSA-25-226-15) lists this CVE with threat category 'impact' marked as 'Misinformed' for affected Siemens products. The advisory was initially published on 2025-08-12 and most recently updated on 2026-02-25 to reflect corrections based on Siemens ProductCERT SSA-613116. The affected product identified is the RUGGEDCOM RST2428P (6GK6242-6PA00), part of Siemens' industrial networking equipment portfolio.
Official resources
- CVE-2023-52637 CVE record (CVE.org)
- CVE-2023-52637 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12