PatchSiren cyber security CVE debrief
CVE-2023-52871 Siemens CVE debrief
This CVE addresses a vulnerability in the Linux kernel's Qualcomm LLCC (Last Level Cache Controller) driver. The issue involves improper handling when a second device is present, which could lead to data corruption. The vulnerability was resolved by implementing proper handling for multiple devices in the LLCC driver. Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X family devices. The advisory indicates the impact assessment as 'Misinformed' for the affected products. Organizations should consult vendor guidance for patch availability and apply updates according to their risk management procedures.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment, particularly RUGGEDCOM RST2428P and SCALANCE X family switches running SINEC OS. System administrators managing Linux-based embedded systems with Qualcomm LLCC hardware. Industrial control system operators seeking to maintain security posture per CISA guidance. Security teams responsible for vulnerability management in OT/ICS environments.
Technical summary
CVE-2023-52871 is a vulnerability in the Linux kernel's Qualcomm Last Level Cache Controller (LLCC) driver. The issue occurs when a second device is present, potentially causing data corruption due to improper device handling. The vulnerability has been resolved in the Linux kernel with updates to properly handle multiple LLCC devices. Siemens has identified this vulnerability as affecting industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X family switches. The advisory classifies the impact as 'Misinformed' rather than a direct security vulnerability, suggesting potential confusion in initial assessment. No CVSS score is provided in available sources. The advisory was initially published on 2025-08-12 and most recently updated on 2026-02-25 to reflect corrections to affected product lists and removal of rejected CVEs.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product impact and patch information
- Verify SINEC OS version on affected Siemens devices and apply vendor-recommended updates
- Monitor CISA ICS advisory ICSA-25-226-15 for any additional guidance or updates
- Implement network segmentation for industrial control systems per CISA recommended practices
- Apply defense-in-depth strategies for ICS environments as outlined in CISA guidance
Evidence notes
The vulnerability description indicates a Linux kernel issue in the Qualcomm LLCC driver related to handling a second device without data corruption. The source advisory (ICSA-25-226-15) from CISA, based on Siemens ProductCERT SSA-613116, lists affected products including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The threat category is marked as 'Misinformed' with no CVSS score provided in the source data. The advisory has undergone multiple revisions, with the most recent update on 2026-02-25 reflecting CISA republication based on Siemens advisory updates.
Official resources
-
CVE-2023-52871 CVE record
CVE.org
-
CVE-2023-52871 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12