PatchSiren cyber security CVE debrief
CVE-2023-52806 Siemens CVE debrief
A null pointer dereference vulnerability in the Linux kernel's ALSA HDA (High Definition Audio) subsystem could allow an attacker to cause a denial of service condition. The vulnerability occurs when assigning a stream, where a null pointer may be dereferenced without proper validation. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X family switches. The vulnerability was originally resolved in the upstream Linux kernel, and Siemens has incorporated this fix into affected product lines. CISA published this advisory on August 12, 2025, with subsequent updates through February 25, 2026, to refine affected product listings and remove rejected CVEs from related advisories.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens SCALANCE X family switches or RUGGEDCOM RST2428P devices in industrial environments should prioritize patching. System administrators responsible for OT/ICS network infrastructure, particularly those in critical manufacturing, energy, and transportation sectors, should review their asset inventory against the affected product list. Security teams monitoring industrial control systems for availability risks should track this vulnerability given its potential for denial of service impact on network infrastructure components.
Technical summary
The vulnerability exists in the ALSA (Advanced Linux Sound Architecture) HDA (High Definition Audio) driver within the Linux kernel. Specifically, when assigning a stream, the code may dereference a null pointer without adequate validation checks. This class of vulnerability typically results in kernel crashes or undefined behavior, leading to denial of service conditions. The fix involves adding proper null pointer checks before stream assignment operations. Siemens industrial networking products utilizing SINEC OS incorporate the Linux kernel and are affected if running vulnerable kernel versions. The upstream kernel fix has been backported to supported Siemens product lines.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed patch information and affected product versions
- Apply vendor-provided firmware updates for affected SCALANCE and RUGGEDCOM devices
- Verify SINEC OS version is current; note that versions below 3.1 are no longer supported for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
- Implement network segmentation for industrial control systems per CISA recommended practices
- Monitor CISA ICS advisories for additional updates to this vulnerability
Evidence notes
The vulnerability description indicates a null pointer dereference in ALSA HDA stream assignment. The source advisory (ICSA-25-226-15) marks impact as 'Misinformed' for affected products, suggesting potential for information disclosure or incorrect system behavior. The advisory underwent four revision cycles, with the most significant update on February 25, 2026, republishing based on Siemens ProductCERT SSA-613116.
Official resources
-
CVE-2023-52806 CVE record
CVE.org
-
CVE-2023-52806 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12