PatchSiren cyber security CVE debrief
CVE-2023-52670 Siemens CVE debrief
CVE-2023-52670 is a memory leak vulnerability in the Linux kernel's rpmsg virtio driver, specifically affecting the handling of driver_override during device removal. The vulnerability occurs when rpmsg_remove() fails to free the driver_override string, leading to a memory leak condition. This issue was resolved in the Linux kernel by ensuring proper deallocation of driver_override when the rpmsg device is removed. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability is classified as 'Misinformed' impact in the CISA advisory, indicating limited practical exploitability in operational technology environments. No CVSS score is currently assigned. Organizations should apply vendor-provided firmware updates and follow defense-in-depth practices for industrial control systems.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly RUGGEDCOM and SCALANCE product families in critical infrastructure, manufacturing, and utility environments. Security teams responsible for OT/ICS asset management and vulnerability management programs.
Technical summary
The vulnerability exists in the Linux kernel's rpmsg (remote processor messaging) virtio transport driver. When an rpmsg device is removed via rpmsg_remove(), the driver_override string allocated for the device is not properly freed, resulting in a memory leak. The fix ensures driver_override is deallocated during the removal cleanup path. This kernel-level issue affects embedded Linux systems used in Siemens industrial networking equipment running SINEC OS, including RUGGEDCOM RST2428P and SCALANCE X-300/XR-300/XC-400/XR-500 series switches. The memory leak could theoretically contribute to resource exhaustion over repeated device attach/detach cycles, though operational impact is assessed as limited.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens SINEC OS products when available
- Review and implement CISA ICS recommended practices for defense-in-depth security
- Monitor Siemens ProductCERT advisory SSA-613116 for updated remediation guidance
- Assess exposure of affected industrial switches (RUGGEDCOM RST2428P, SCALANCE X-family) in critical infrastructure environments
- Implement network segmentation for industrial control systems per CISA guidance
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-15, which references Siemens ProductCERT advisory SSA-613116. The issue is a kernel-level memory leak in rpmsg virtio driver cleanup path. Siemens advisory indicates affected products include RUGGEDCOM RST2428P and SCALANCE X-family industrial switches running SINEC OS. Impact classification of 'Misinformed' suggests limited practical security impact in operational contexts.
Official resources
-
CVE-2023-52670 CVE record
CVE.org
-
CVE-2023-52670 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12