PatchSiren cyber security CVE debrief
CVE-2023-52799 Siemens CVE debrief
CVE-2023-52799 is an array-index-out-of-bounds bug in the Linux kernel's JFS (Journaled File System) code, in the `dbFindLeaf` function that searches the block-allocation map's summary tree for free space. An index derived from on-disk metadata could run past the end of the tree array; the fix was committed upstream in the Linux kernel. Siemens lists the CVE as affecting certain industrial networking products, including the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. CISA advisory ICSA-25-226-15, published on August 12, 2025 and updated through February 25, 2026, tracks the issue for the affected Siemens products. The advisory's revision history shows the affected-product list being refined: the February 2026 revision moved certain entries to 'Known Not Affected Products' and removed unsupported SINEC OS versions from scope. No CVSS score or severity rating is present in the source data, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, in particular the RUGGEDCOM RST2428P and the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 families, should review their exposure. OT security teams, industrial network administrators, and asset owners in critical infrastructure sectors running Siemens SINEC OS-based equipment should track vendor patches and apply updates per Siemens ProductCERT guidance.
Technical summary
The bug is in `dbFindLeaf` in the JFS implementation of the Linux kernel. `dbFindLeaf` walks a summary tree stored in the filesystem's block-allocation map to find a leaf describing enough free blocks; the index it computes is driven by values read from on-disk metadata, and an out-of-bounds index there is undefined behaviour in the kernel (in practice an out-of-bounds read of adjacent memory, with a crash as the most likely outcome). Bugs of this class are reached when the kernel operates on a crafted or corrupted JFS image; the source does not describe whether or how such an image can be presented to a SINEC OS device, so reachability on the listed products should be confirmed against the vendor advisory. The upstream fix bounds-checks the computed index so that metadata which does not fit the on-disk layout is rejected rather than used. Siemens industrial networking products built on affected kernel versions with JFS support are in scope, specifically the RUGGEDCOM RST2428P and select SCALANCE X-family switches running SINEC OS. The advisory data initially carried an impact label of 'Misinformed' for certain product IDs; the source does not explain the label, but the February 2026 revision moved some entries to 'Known Not Affected Products', consistent with the initial scope assessment having been uncertain.
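The shape of the bug, as an added illustrative model and not the kernel's dbFindLeaf, the upstream fix, or any Siemens code: a tree walk whose depth comes from on-disk metadata, first without and then with bounds checks. The 4-ary level-order layout, the 341-node TREESIZE, the constructed sample page with its canary bytes, and the demo_* helpers are this example's own assumptions, chosen to keep the index arithmetic visible; the real JFS tree and its constants differ.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a JFS dmap summary tree (illustrative; not the kernel's
 * fs/jfs/jfs_dmap.c).  A 4-ary tree stored level by level in one array: root
 * is node 0, children of node i are nodes 4i+1..4i+4, each entry holds log2 of
 * the largest free run beneath it.  The height is on-disk metadata. */
#define MODEL_HEIGHT 4                                           /* levels below root */
#define TREESIZE     (((1 << (2 * (MODEL_HEIGHT + 1))) - 1) / 3)  /* 341 nodes */
#define LEAFIND      (((1 << (2 * MODEL_HEIGHT)) - 1) / 3)        /* 85: first leaf */
#define NLEAVES      (1 << (2 * MODEL_HEIGHT))                    /* 256 leaves */

/* Constructed sample (not a real JFS image): the tree followed by 64 bytes of
 * unrelated memory, filled with a canary larger than any legitimate entry so
 * it is obvious when the walk consults it. */
struct page {
    int8_t stree[TREESIZE];
    int8_t neighbour[64];
};

static void build_page(struct page *pg)
{
    memset(pg->stree, 0, sizeof pg->stree);
    memset(pg->neighbour, 0x7f, sizeof pg->neighbour);
    /* only the path root -> 1 -> 5 -> 21 -> leaf 85 advertises a 2^3 run */
    pg->stree[0] = pg->stree[1] = pg->stree[5] = pg->stree[21] = pg->stree[85] = 3;
}

/* Unchecked walk: descend to the leftmost node at each level that can satisfy
 * l2nb.  Nothing ties 'height' to the array size, so one claimed level too
 * many pushes x + n past the tree.  Returns the node index it settles on. */
static int find_leaf_unchecked(const int8_t *stree, int height, int l2nb)
{
    int ti, n = 0, k, x = 0;
    if (l2nb > stree[0])
        return -ENOSPC;                     /* root: no run that large */
    for (k = height, ti = 1; k > 0; k--, ti = ((ti + n) << 2) + 1) {
        for (x = ti, n = 0; n < 4; n++)
            if (l2nb <= stree[x + n])       /* index never bounded by TREESIZE */
                break;
        if (n == 4)
            return -ENOSPC;
    }
    return x + n;
}

/* Hardened walk: validate metadata before it drives any index, keep every node
 * touched inside the array, and insist the answer is a leaf.  Returns 0 plus a
 * 0-based leaf index, or a negative errno. */
static int find_leaf_checked(const int8_t *stree, int height, int l2nb, int *leafidx)
{
    int ti, n = 0, k, x = 0;
    if (height < 1 || height > MODEL_HEIGHT)
        return -EIO;                        /* corrupted or hostile metadata */
    if (l2nb > stree[0])
        return -ENOSPC;
    for (k = height, ti = 1; k > 0; k--, ti = ((ti + n) << 2) + 1) {
        if (ti + 3 >= TREESIZE)
            return -EIO;                    /* all four children must exist */
        for (x = ti, n = 0; n < 4; n++)
            if (l2nb <= stree[x + n])
                break;
        if (n == 4)
            return -ENOSPC;
    }
    if (x + n < LEAFIND || x + n >= LEAFIND + NLEAVES)
        return -EIO;                        /* stopped above the leaf level */
    *leafidx = x + n - LEAFIND;
    return 0;
}

/* Demo entry points over the sample page; demo_checked returns the leaf index
 * on success or the negative errno. */
int demo_unchecked(int height)
{
    struct page pg;
    build_page(&pg);
    return find_leaf_unchecked((const int8_t *)&pg, height, 3);
}

int demo_checked(int height)
{
    struct page pg;
    int leafidx = -1, rc;
    build_page(&pg);
    rc = find_leaf_checked((const int8_t *)&pg, height, 3, &leafidx);
    return rc < 0 ? rc : leafidx;
}

int main(void)
{
    printf("honest height: unchecked node %d, checked leaf %d\n",
           demo_unchecked(MODEL_HEIGHT), demo_checked(MODEL_HEIGHT));
    printf("lying height:  unchecked node %d (array ends at %d), checked rc %d\n",
           demo_unchecked(MODEL_HEIGHT + 1), TREESIZE - 1, demo_checked(MODEL_HEIGHT + 1));
    return 0;
}
```

With the honest height both walks agree on node 85, the first leaf. With a height one larger than the layout allows, the unchecked walk settles on node 341, the first byte past the array, and treats the canary there as a summary entry; the checked walk rejects the metadata with -EIO before any index is formed, and also rejects a height that is too small, since the walk then stops above the leaf level. The two errno values separate corrupt metadata (EIO) from a genuine lack of space (ENOSPC), which is the distinction a filesystem caller needs.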
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for the product-specific affected and fixed versions
- Compare the SINEC OS version running on each SCALANCE and RUGGEDCOM device against that list; the February 2026 revision removed unsupported SINEC OS versions from scope, so a version that no longer appears is out of support, not cleared
- Apply the vendor-provided firmware update to each affected device
- Track revisions of CISA advisory ICSA-25-226-15, which has already been corrected once for product scope
- Segment industrial control networks per CISA recommended practices so that devices awaiting a fix are not reachable from business or Internet-facing networks
Evidence notes
The vulnerability description is sourced from the Linux kernel commit message resolving the issue. Product impact attribution to Siemens RUGGEDCOM RST2428P and SCALANCE families is derived from CISA CSAF advisory ICSA-25-226-15. The advisory's revision history confirms ongoing maintenance and accuracy corrections through February 2026.
Official resources
- CVE-2023-52799 CVE record (CVE.org)
- CVE-2023-52799 NVD detail (NVD)
- Source item URL (cisa_csaf)
The vulnerability was disclosed through standard Linux kernel security channels with resolution committed upstream. Public disclosure via CISA occurred on August 12, 2025, through advisory ICSA-25-226-15, with subsequent updates through the