PatchSiren cyber security CVE debrief
CVE-2023-52796 Siemens CVE debrief
This CVE addresses a vulnerability in the Linux kernel's ipvlan networking subsystem. The fix introduces a new helper function `ipvlan_route_v6_outbound()` to properly handle IPv6 outbound routing in ipvlan configurations. The vulnerability was resolved through kernel patch implementation. Siemens has identified this CVE as applicable to certain industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The CISA advisory (ICSA-25-226-15) was initially published on August 12, 2025, with subsequent revisions through February 25, 2026, to correct affected product listings and remove rejected CVEs. No CVSS score or severity rating is currently available in the source data. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including SCALANCE X-family managed switches and RUGGEDCOM RST2428P devices in critical infrastructure, manufacturing, and utility environments. Security teams responsible for OT/ICS network infrastructure should prioritize firmware updates and network monitoring for affected devices.
Technical summary
The vulnerability exists in the Linux kernel's ipvlan (IP virtual LAN) driver, which provides lightweight L3 networking virtualization. The resolution adds a dedicated `ipvlan_route_v6_outbound()` helper function to properly manage IPv6 outbound packet routing within ipvlan interfaces. Without this fix, improper IPv6 route handling in ipvlan configurations could lead to network connectivity issues or potentially exploitable conditions. The fix ensures correct routing decisions for IPv6 traffic egressing from ipvlan slave interfaces.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed affected product versions and patch availability
- Verify SINEC OS version on affected SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and RUGGEDCOM RST2428P devices
- Apply vendor-provided firmware updates when available per Siemens security advisory
- Monitor network traffic for anomalous ipvlan-related behavior on affected industrial switches
- Implement network segmentation for critical industrial control systems as defense-in-depth measure
Evidence notes
Source indicates this CVE was resolved via kernel patch adding ipvlan_route_v6_outbound() helper. Siemens ProductCERT advisory SSA-613116 is the authoritative source for affected product status. CISA advisory ICSA-25-226-15 underwent four revision cycles, with the most recent update on 2026-02-25 reflecting republication based on Siemens advisory. Threat assessment in source marks impact as 'Misinformed' for affected product IDs.
Official resources
-
CVE-2023-52796 CVE record
CVE.org
-
CVE-2023-52796 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12