PatchSiren cyber security CVE debrief
CVE-2023-52865 Siemens CVE debrief
A vulnerability in the Linux kernel's Mediatek clock driver (clk-mt6797) was resolved by adding a null-check for mtk_alloc_clk_data. The issue affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability stems from a missing validation check that could lead to undefined behavior if memory allocation fails. Siemens addressed this through their SINEC OS updates, with the advisory undergoing multiple revisions to correct affected product listings and remove unsupported version references. The CISA advisory ICSA-25-226-15, republished on 2026-02-25, serves as the coordinating disclosure for industrial control system operators.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Industrial control system operators using Siemens SINEC OS-based networking equipment, particularly in critical infrastructure environments. Security teams responsible for OT/ICS asset management and patch coordination should prioritize verification of affected device inventories.
Technical summary
The vulnerability exists in the Mediatek clock driver (clk-mt6797) within the Linux kernel. The fix adds a validation check for the return value of mtk_alloc_clk_data(), which allocates memory for clock data structures. Without this check, a failed memory allocation could result in a null pointer dereference when the returned pointer is subsequently dereferenced. This represents a CWE-476 (NULL Pointer Dereference) class vulnerability. The issue affects Siemens industrial networking products that incorporate the vulnerable kernel code through SINEC OS, including select SCALANCE X-family switches and RUGGEDCOM RST2428P devices.
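As an added illustration of the fix pattern (this is not code from the page, from Siemens, or from the kernel itself), the user-space C program below models the before and after shapes of the probe: a stand-in mtk_alloc_clk_data() whose failure can be injected, a probe that uses the result without checking it, and the checked form that returns -ENOMEM so the driver fails cleanly instead of dereferencing NULL. The structure layout, the CLK_MT6797_NR count, the probe function names, mtk_free_clk_data() and the failure-injection flag are all constructed for this example; only the check-and-return shape mirrors the upstream change.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the kernel's clock-data structure. The real
 * struct clk_hw_onecell_data carries more, but the shape is what matters. */
struct clk_hw_onecell_data {
    unsigned int num;
    void *hws[];
};

/* Constructed test hook: when non-zero, the allocator reports failure,
 * modelling memory pressure during driver probe. */
static int simulate_alloc_failure = 0;

/* Constructed stand-in for mtk_alloc_clk_data(): returns NULL on failure,
 * which is exactly the case the upstream fix now checks for. */
static struct clk_hw_onecell_data *mtk_alloc_clk_data(unsigned int clk_num)
{
    struct clk_hw_onecell_data *clk_data;

    if (simulate_alloc_failure)
        return NULL;
    clk_data = calloc(1, sizeof(*clk_data) + clk_num * sizeof(void *));
    if (!clk_data)
        return NULL;
    clk_data->num = clk_num;
    return clk_data;
}

/* Constructed release helper for the example. */
static void mtk_free_clk_data(struct clk_hw_onecell_data *clk_data)
{
    free(clk_data);
}

/* Placeholder clock count; the real value lives in the kernel's headers. */
#define CLK_MT6797_NR 16

/* Pre-fix pattern: the allocation result is used unchecked. If the
 * allocation failed this writes through a NULL pointer (CWE-476). */
static int probe_unchecked(void)
{
    struct clk_hw_onecell_data *clk_data = mtk_alloc_clk_data(CLK_MT6797_NR);

    clk_data->hws[0] = NULL;  /* NULL dereference when allocation failed */
    mtk_free_clk_data(clk_data);
    return 0;
}

/* Post-fix pattern: validate the allocation and fail the probe with
 * -ENOMEM, the same shape as the upstream null-check. */
static int probe_checked(void)
{
    struct clk_hw_onecell_data *clk_data = mtk_alloc_clk_data(CLK_MT6797_NR);

    if (!clk_data)
        return -ENOMEM;
    clk_data->hws[0] = NULL;  /* clock registration would follow here */
    mtk_free_clk_data(clk_data);
    return 0;
}

/* Run the hardened probe with allocation failure either injected or not
 * and return its result code. */
int probe_with_alloc_failure(int fail)
{
    int rc;

    simulate_alloc_failure = fail;
    rc = probe_checked();
    simulate_alloc_failure = 0;
    return rc;
}

int main(void)
{
    /* The unchecked probe is only safe to run when allocation succeeds. */
    printf("unchecked probe, allocation ok: %d\n", probe_unchecked());
    printf("checked probe, allocation ok:   %d\n", probe_with_alloc_failure(0));
    printf("checked probe, allocation fail: %d\n", probe_with_alloc_failure(1));
    return 0;
}
```

The point of the contrast is that the vulnerable path is only reachable when the allocation fails, so an ordinary run never shows the defect; injecting the failure is what makes the missing check visible, and the hardened probe turns that case into a clean error return instead of a kernel oops.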
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific patch information
- Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices against vendor guidance
- Apply vendor-provided firmware updates for SINEC OS to address the underlying kernel vulnerability
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates a kernel-level fix in the Mediatek clock driver. The Siemens CSAF advisory (SSA-613116) and CISA ICSA-25-226-15 provide the authoritative product impact assessment. The advisory revision history shows iterative corrections to the affected product list, with the 2026-02-25 republication representing the current authoritative state. The threat categorization in the source marks impact as 'Misinformed' for the listed product IDs.
Official resources
- CVE-2023-52865 CVE record (CVE.org)
- CVE-2023-52865 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
Coordinated disclosure via CISA and Siemens ProductCERT