PatchSiren cyber security CVE debrief
CVE-2023-52876 Siemens CVE debrief
This CVE addresses a missing null-pointer check in the MediaTek clock driver for MT7629 Ethernet (clk-mt7629-eth) within the Linux kernel. The vulnerability was resolved by adding a check for the return value of mtk_alloc_clk_data(), which could fail and return NULL, potentially leading to a null pointer dereference if not handled. The issue affects Siemens industrial networking products that incorporate the vulnerable Linux kernel component, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. CISA published this advisory on August 12, 2025, with subsequent updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. Notably, the source advisory marks the impact assessment as 'Misinformed,' suggesting the actual security impact may differ from initial assumptions. No CVSS score is currently assigned. Organizations should consult the Siemens ProductCERT advisory for specific patch availability and apply updates according to vendor guidance.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300) or RUGGEDCOM RST2428P devices running SINEC OS; industrial control system administrators; and critical infrastructure operators with MediaTek-based networking equipment.
Technical summary
The vulnerability exists in the MediaTek clock driver for MT7629 Ethernet (clk-mt7629-eth) in the Linux kernel. The mtk_alloc_clk_data() function can return NULL on allocation failure, but the original code lacked a check for this condition. The fix adds proper null-pointer validation to prevent potential kernel crashes or undefined behavior. This affects Siemens industrial networking products utilizing the vulnerable kernel component.
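The following is an added illustration of the bug class described above, not the kernel's own clk-mt7629-eth code: a simplified model of the probe pattern in which mtk_alloc_clk_data() (stand-in version) can return NULL, shown unchecked beside the checked form that fails driver initialization with -ENOMEM instead of dereferencing NULL. The struct layout, function names and the simulate_alloc_failure hook are assumptions made for the example.

```c
/* Added illustration (not the kernel's code): model of the clk-mt7629-eth
 * probe pattern. The allocator may return NULL; the hardened variant checks
 * it and fails the probe cleanly. All names and types are simplified stand-ins. */
#include <stddef.h>
#include <stdlib.h>
#include <errno.h>

struct clk_hw_onecell_data {          /* stand-in for the kernel struct */
    unsigned int num;
    void *hws[];                      /* one slot per clock */
};

/* Test hook (assumed): when set, the allocator simulates out-of-memory. */
static int simulate_alloc_failure = 0;

/* Stand-in for mtk_alloc_clk_data(): returns NULL when allocation fails. */
static struct clk_hw_onecell_data *mtk_alloc_clk_data(unsigned int clk_num)
{
    struct clk_hw_onecell_data *d;
    if (simulate_alloc_failure)
        return NULL;
    d = calloc(1, sizeof(*d) + clk_num * sizeof(void *));
    if (d)
        d->num = clk_num;
    return d;
}

/* Vulnerable pattern (before the fix): the return value is used unchecked,
 * so an allocation failure becomes a NULL pointer dereference at probe time. */
static int eth_probe_unchecked(unsigned int clk_num)
{
    struct clk_hw_onecell_data *clk_data = mtk_alloc_clk_data(clk_num);
    clk_data->hws[0] = NULL;          /* crashes when clk_data == NULL */
    free(clk_data);
    return 0;
}

/* Fixed pattern: validate the allocation and abort the probe with -ENOMEM. */
static int eth_probe_checked(unsigned int clk_num)
{
    struct clk_hw_onecell_data *clk_data = mtk_alloc_clk_data(clk_num);
    if (!clk_data)
        return -ENOMEM;               /* driver init fails instead of crashing */
    clk_data->hws[0] = NULL;
    free(clk_data);
    return 0;
}
```

Only the checked variant is exercised under simulated allocation failure; the unchecked one is kept to show the pattern the fix removed.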
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for specific patch availability and affected product versions
- Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices and apply vendor-provided updates
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
- Implement network segmentation for industrial control systems to limit exposure of affected devices
- Apply defense-in-depth strategies for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates a kernel-level fix in the MediaTek clock driver. The source advisory (ICSA-25-226-15) lists impact as 'Misinformed' per the threats field, and revision history shows multiple updates correcting product scope. The vendor is confirmed as Siemens with affected products including RUGGEDCOM RST2428P and SCALANCE X-family devices.
Official resources
- CVE-2023-52876 CVE record (CVE.org)
- CVE-2023-52876 NVD detail (NVD)
- Source item URL (cisa_csaf)