PatchSiren cyber security CVE debrief
CVE-2023-52784 Siemens CVE debrief
A vulnerability in the Linux kernel's bonding driver was resolved by ensuring the device is properly stopped during bond_setup_by_slave() operations. The issue was addressed in the kernel bonding subsystem to prevent potential instability or undefined behavior when configuring bonded network interfaces. Siemens has assessed this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA published this advisory on August 12, 2025, with subsequent updates through February 2026 to refine affected product listings and remove rejected CVEs. No CVSS score or severity rating is available in the source corpus. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE X-family managed switches running SINEC OS. OT security teams responsible for patch management in industrial environments. Network administrators managing bonded network interfaces in Linux-based industrial systems.
Technical summary
The vulnerability exists in the Linux kernel's bonding driver, specifically in the bond_setup_by_slave() function. The resolution ensures proper device state management by stopping the device during slave setup operations. This prevents potential race conditions or resource conflicts that could lead to system instability. The fix represents a defensive hardening measure in network interface bonding configuration. Siemens has incorporated this kernel fix into SINEC OS for affected industrial networking products.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance and patch availability
- Verify SINEC OS version on affected Siemens industrial networking equipment (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family)
- Apply vendor-provided firmware updates when available per Siemens security advisory
- Follow CISA ICS recommended practices for network segmentation and defense-in-depth strategies for industrial control systems
- Monitor CISA ICS advisories for updates to ICSA-25-226-15
Evidence notes
The vulnerability description indicates a resolution in the Linux kernel bonding driver. Siemens ProductCERT advisory SSA-613116 is the authoritative source for product-specific impact assessment. CISA's advisory ICSA-25-226-15 was initially published August 12, 2025, with revision history showing updates on February 12, 2026 (corrected affected products), February 24, 2026 (removed unsupported version references and rejected CVEs), and February 25, 2026 (republication based on updated Siemens advisory). The threat assessment in the source marks impact as 'Misinformed' for the listed product IDs.
Official resources
- CVE-2023-52784 CVE record (CVE.org)
- CVE-2023-52784 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12