PatchSiren cyber security CVE debrief
CVE-2023-52764 Siemens CVE debrief
A shift-out-of-bounds vulnerability in the Linux kernel's gspca/cpia1 camera driver was resolved in the media subsystem. The flaw existed in the set_flicker function, where a shift by an out-of-range amount could lead to undefined behavior. Siemens has assessed this vulnerability as affecting certain industrial networking products running SINEC OS, which incorporates the Linux kernel. The vulnerability was initially published on August 12, 2025, with subsequent advisory updates through February 25, 2026, to refine the affected product listings and remove rejected CVEs. No known exploitation in ransomware campaigns has been reported.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500), XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P devices with SINEC OS should assess their exposure. Industrial operators with camera-enabled embedded systems using gspca drivers may also be affected. Security teams responsible for OT/ICS infrastructure should monitor vendor advisories and apply patches according to organizational change management procedures.
Technical summary
The vulnerability exists in the set_flicker function of the gspca/cpia1 USB camera driver within the Linux kernel media subsystem. A shift-out-of-bounds condition could occur because a shift amount was not validated before use, potentially leading to undefined behavior. This kernel-level vulnerability affects embedded systems and industrial devices that run the vulnerable kernel version, specifically Siemens networking products running SINEC OS that incorporate the affected Linux kernel components. The issue has been resolved in the upstream Linux kernel.
Defensive priority: medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for specific product impact and patch availability
- Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices
- Apply vendor-provided firmware updates when available
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
Evidence notes
The vulnerability description indicates a resolved Linux kernel issue in the gspca/cpia1 media driver. Siemens ProductCERT advisory SSA-613116, republished by CISA as ICSA-25-226-15, identifies affected products including RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The advisory revision history shows multiple updates: initial publication (2025-08-12), product list corrections (2026-02-12), removal of rejected CVEs and unsupported version notes (2026-02-24), and final republication (2026-02-25). The threat assessment categorizes impact as 'Misinformed' for affected product IDs.
Official resources
- CVE-2023-52764 CVE record (CVE.org)
- CVE-2023-52764 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12