CVE-2023-52843 Siemens CVE debrief

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those using SCALANCE switches or RUGGEDCOM devices in critical infrastructure environments. Security teams responsible for OT/ICS network security should prioritize firmware updates and network segmentation controls.

Technical summary

The vulnerability exists in the Linux kernel's LLC (Logical Link Control, IEEE 802.2) protocol implementation. The code failed to verify that the MAC header length was sufficient before attempting to read the MAC header, potentially resulting in out-of-bounds memory reads. The fix adds proper length validation before header access operations. This vulnerability affects Siemens industrial networking products utilizing SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and XCM-/XRM-/XCH-/XRH-300 family switches. The CISA advisory classifies the impact as 'Misinformed' for affected products.

Defensive priority

medium

Recommended defensive actions

• Review Siemens ProductCERT advisory SSA-613116 for specific product impact and patch availability
• Verify SINEC OS version on affected Siemens SCALANCE and RUGGEDCOM devices
• Apply vendor-provided firmware updates when available per Siemens advisory
• Implement network segmentation for industrial control systems per CISA recommended practices
• Monitor CISA ICS advisories for additional updates to this vulnerability

Evidence notes

Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-15. The source indicates this vulnerability was resolved in the Linux kernel LLC implementation. Siemens ProductCERT advisory SSA-613116 is the canonical source for product impact. Timeline derived from CSAF revision history: initial publication 2025-08-12, updated 2026-02-12 (product corrections), 2026-02-24 (removed rejected CVEs), 2026-02-25 (CISA republication).

Official resources