PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-52813 Siemens CVE debrief

CVE-2023-52813 is a vulnerability in the Linux kernel's crypto subsystem, specifically within the pcrypt parallel crypto framework. The issue involves a hung task condition that occurs during PADATA_RESET operations, which could lead to system unavailability or denial of service conditions. The vulnerability was resolved in the Linux kernel with a fix for the hungtask condition in pcrypt's PADATA_RESET handling. Siemens has identified this vulnerability as affecting certain industrial networking products, including the RUGGEDCOM RST2428P and SCALANCE X family devices running SINEC OS. The CISA advisory ICSA-25-226-15, republished on February 25, 2026, incorporates updates from Siemens ProductCERT advisory SSA-613116. Notably, the February 2026 revisions corrected the affected products list and removed unsupported SINEC OS versions from scope, as versions below 3.1 are no longer supported for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family. The threat assessment categorizes the impact as 'Misinformed' per the source advisory. No CVSS score or severity rating is available in the source data. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and there is no indication of known ransomware campaign use.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

Organizations operating Siemens industrial networking equipment including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P switches and routers. Critical infrastructure operators, manufacturing facilities, and utility providers using these devices for industrial network segmentation and connectivity should prioritize assessment. Security teams responsible for OT/ICS environments running SINEC OS should verify patch status and monitor for availability issues.

Technical summary

The vulnerability exists in the Linux kernel's parallel cryptography framework (pcrypt). During PADATA_RESET operations, a hung task condition can occur, potentially causing system unavailability. The pcrypt framework is used for parallel processing of cryptographic operations, and the PADATA_RESET mechanism is involved in resetting parallel data structures. When this reset operation encounters certain conditions, it can trigger a hung task that prevents normal system operation. The fix resolves the synchronization or state handling issue that led to the hungtask condition. For Siemens industrial products, this kernel-level vulnerability is exposed through the SINEC OS operating system running on affected SCALANCE and RUGGEDCOM network infrastructure devices.

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-613116 for detailed affected product versions and patch availability
  • Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices; upgrade to supported version 3.1 or later as remediation
  • Apply kernel updates provided by Siemens for affected industrial networking products
  • Monitor device logs for hung task or PADATA_RESET-related error conditions
  • Implement network segmentation for industrial control systems per CISA ICS recommended practices
  • Establish baseline performance monitoring to detect potential denial of service conditions

Evidence notes

The vulnerability description is sourced from the Linux kernel commit message indicating resolution of a hungtask condition in crypto/pcrypt during PADATA_RESET operations. Siemens ProductCERT advisory SSA-613116 is the authoritative source for affected product identification. CISA advisory ICSA-25-226-15 revision history confirms the February 25, 2026 republication incorporated Siemens updates and corrected product scope. The 'Misinformed' threat categorization is taken directly from the source advisory threats section.

Official resources

2025-08-12