PatchSiren

CVE-2023-52838 Siemens CVE debrief

A resource leak vulnerability in the Linux kernel's imsttfb framebuffer driver probe function was resolved. The issue could lead to resource exhaustion during device initialization. Siemens has assessed this CVE as 'Misinformed' for affected industrial networking products, indicating the vulnerability does not apply to their specific product configurations. The advisory was initially published on August 12, 2025, and most recently updated on February 25, 2026, to reflect corrections to affected product listings and removal of rejected CVEs. No CVSS score has been assigned.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and XCM-/XRM-/XCH-/XRH-300 family industrial Ethernet switches should verify their exposure status through the vendor advisory. While the underlying Linux kernel vulnerability exists, Siemens has assessed it as not applicable to their products. General Linux users with IMS Twin Turbo framebuffer hardware should ensure kernel updates are applied.

Technical summary

The vulnerability exists in the imsttfb (IMS Twin Turbo framebuffer) driver within the Linux kernel's fbdev subsystem. A resource leak in the driver's probe function could occur during device initialization, potentially leading to resource exhaustion. The issue was resolved in the Linux kernel. Siemens has evaluated this CVE against their RUGGEDCOM RST2428P and SCALANCE X-family industrial Ethernet switches and determined the vulnerability to be 'Misinformed'—indicating it does not apply to their product configurations or the affected code path is not present/exploitable in their implementations.

Defensive priority

low

Recommended defensive actions

  • Verify current firmware version on affected Siemens RUGGEDCOM RST2428P and SCALANCE X-family devices
  • Review Siemens ProductCERT SSA-613116 advisory for definitive product impact assessment
  • Apply vendor-recommended updates when available per organizational patch management policy
  • Monitor CISA ICS advisories for subsequent updates to ICSA-25-226-15

Evidence notes

CVE published 2025-08-12; modified 2026-02-25. Siemens ProductCERT SSA-613116 advisory cited as authoritative source. CISA CSAF advisory ICSA-25-226-15 republished with updates through February 25, 2026. Threat assessment category 'impact' marked as 'Misinformed' for product IDs CSAFPID-0001, CSAFPID-0003, CSAFPID-0004.
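
The per-product impact statement described in the evidence notes can be read out of a CSAF advisory mechanically and compared with your own inventory. The following is an added example, not code from Siemens, CISA or this page; it assumes the CSAF 2.0 JSON layout (vulnerabilities[].threats[] with category, details and product_ids), the function names are hypothetical, and the embedded sample is constructed from the values quoted above rather than copied from the real advisory.

```python
import json

# Constructed sample: a minimal CSAF 2.0 fragment carrying only the values quoted
# in the evidence notes above. It is not the real ICSA-25-226-15 document.
SAMPLE_CSAF = json.loads("""
{
  "document": {"tracking": {"id": "ICSA-25-226-15"}},
  "vulnerabilities": [{
    "cve": "CVE-2023-52838",
    "threats": [{
      "category": "impact",
      "details": "Misinformed",
      "product_ids": ["CSAFPID-0001", "CSAFPID-0003", "CSAFPID-0004"]
    }]
  }]
}
""")


def impact_statements(csaf, cve_id):
    """Map product ID -> list of vendor 'impact' threat details for one CVE."""
    found = {}
    for vuln in csaf.get("vulnerabilities", []):
        if vuln.get("cve") != cve_id:
            continue
        for threat in vuln.get("threats", []):
            if threat.get("category") == "impact":
                for pid in threat.get("product_ids", []):
                    found.setdefault(pid, []).append(threat.get("details", ""))
    return found


def triage(csaf, cve_id, inventory):
    """Classify each product ID we operate against the advisory's data for cve_id."""
    statements = impact_statements(csaf, cve_id)
    status = {}  # product ID -> product_status bucket, e.g. "known_affected"
    for vuln in csaf.get("vulnerabilities", []):
        if vuln.get("cve") == cve_id:
            for bucket, pids in vuln.get("product_status", {}).items():
                status.update({pid: bucket for pid in pids})
    result = {}
    for pid in inventory:
        if pid in statements:
            result[pid] = "impact statement: " + "; ".join(statements[pid])
        elif pid in status:
            result[pid] = "status only: " + status[pid]
        else:
            result[pid] = "not covered: check the advisory by hand"
    return result
```

Product IDs that come back as "not covered" have no vendor statement for this CVE in the parsed document, so they are the ones to check against SSA-613116 directly.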
