PatchSiren cyber security CVE debrief
CVE-2023-52840 Siemens CVE debrief
A use-after-free vulnerability in the Linux kernel's Synaptics RMI4 input driver was resolved via a fix in rmi_unregister_function(). The vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA published this advisory on August 12, 2025, with subsequent revisions through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. The source advisory categorizes the impact as 'Misinformed' for affected product IDs. No CVSS score or severity rating is available in the source corpus. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial networking equipment; OT security teams managing SINEC OS deployments; and critical infrastructure operators with Siemens industrial Ethernet infrastructure.
Technical summary
The vulnerability exists in the rmi_unregister_function() routine of the Linux kernel's Synaptics RMI4 (Remote Management Interface) input driver. A use-after-free condition can occur during function unregistration, potentially leading to memory corruption. The fix ensures proper memory management during the teardown path. This kernel-level vulnerability is exposed through Siemens' SINEC OS operating system used in industrial Ethernet switches.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed affected product versions and patch availability
- Apply vendor-provided firmware updates for SINEC OS on affected SCALANCE and RUGGEDCOM devices
- Verify the device inventory against the corrected affected-product list from the February 2026 advisory revision
- Implement network segmentation for industrial control systems per CISA recommended practices
- Monitor for anomalous input-device behavior on affected systems as a potential exploitation indicator
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. Advisory ICSA-25-226-15 underwent four revisions, with the latest on 2026-02-25 reflecting updates from Siemens ProductCERT SSA-613116. Impact categorized as 'Misinformed' in source CSAF data. Not a KEV-listed vulnerability.
Official resources
- CVE-2023-52840 CVE record (CVE.org)
- CVE-2023-52840 NVD detail (NVD)
- Source item URL (cisa_csaf)