PatchSiren cyber security CVE debrief

CVE-2023-52789 Siemens CVE debrief

A missing null-pointer check for kstrdup() in the Linux kernel's tty vcc driver could allow memory exhaustion or denial-of-service conditions. The vulnerability exists in the vcc_probe() function where the return value of kstrdup() was not validated before use. Siemens has identified this issue as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA republished the advisory on 2026-02-25 with corrections to the affected products list. No CVSS score is currently available from NVD. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those with RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices. OT security teams responsible for patch management in manufacturing, energy, and critical infrastructure environments should prioritize monitoring vendor advisories.

Technical summary

The Linux kernel's tty vcc (Virtual Console Concentrator) driver contains a vulnerability in vcc_probe() where the return value of kstrdup() is not checked for NULL. kstrdup() can fail and return NULL when memory allocation fails, leading to potential null pointer dereference or subsequent memory corruption. The fix adds a proper null check after the kstrdup() call. This vulnerability affects Siemens industrial networking products that incorporate the vulnerable kernel code, specifically those running SINEC OS including RUGGEDCOM RST2428P and various SCALANCE X-family switches. The vulnerability is classified with 'Misinformed' impact in the CISA advisory, suggesting potential for information disclosure or denial of service rather than code execution.
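
The unchecked-allocation pattern described above and its fix, as an added userspace C model (not the kernel's vcc driver source and not taken from the advisory). model_kstrdup(), struct model_port, the fail_next_alloc switch, the probe_* functions and the strlen() use of the copied name are assumptions made for illustration.

```c
/* Userspace model, not kernel code: model_kstrdup() stands in for kstrdup()
 * and can be forced to fail the way an allocation does under memory pressure. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

static int fail_next_alloc;   /* hypothetical fault-injection switch */
struct model_port { char *name; size_t name_len; };   /* hypothetical state */

/* Like kstrdup(): returns a heap copy of s, or NULL if allocation fails. */
static char *model_kstrdup(const char *s)
{
    char *copy;
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;
    }
    copy = malloc(strlen(s) + 1);
    if (copy)
        strcpy(copy, s);
    return copy;
}

/* "Before": result used unchecked; a NULL return reaches strlen(NULL). */
int probe_unchecked(struct model_port *port, const char *dev_name)
{
    port->name = model_kstrdup(dev_name);
    port->name_len = strlen(port->name);
    return 0;
}

/* "After": check the result, fail the probe, leave port untouched. */
int probe_checked(struct model_port *port, const char *dev_name)
{
    char *name = model_kstrdup(dev_name);
    if (!name)
        return -ENOMEM;
    port->name = name;
    port->name_len = strlen(name);
    return 0;
}

int main(void)
{
    struct model_port port = {0};
    fail_next_alloc = 1;   /* constructed failure: only the checked path is safe */
    return probe_checked(&port, "vcc-port-0") == -ENOMEM ? 0 : 1;
}
```

Setting fail_next_alloc before calling probe_unchecked() crashes the process on the NULL dereference; in kernel context the equivalent fault occurs inside the driver's probe path.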

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates for affected Siemens SCALANCE and RUGGEDCOM products when available
  • Monitor Siemens ProductCERT advisory SSA-613116 for patch availability
  • Implement network segmentation for industrial control systems per CISA recommended practices
  • Review and update asset inventories to identify affected SINEC OS-based devices
  • Consider temporary workarounds such as restricting physical and network access to affected devices until patches can be applied

Evidence notes

The vulnerability description indicates a missing null check for kstrdup() in vcc_probe(), which is a classic memory allocation failure handling issue. The CISA CSAF advisory ICSA-25-226-15, republished on 2026-02-25, identifies Siemens industrial networking products as affected. The advisory's revision history shows multiple updates correcting product listings and removing rejected CVEs. The threat assessment in the source marks impact as 'Misinformed' for the listed product IDs.

Official resources

2025-08-12