PatchSiren cyber security CVE debrief
CVE-2023-52887 Siemens CVE debrief
This CVE addresses a vulnerability in the Linux kernel's J1939 CAN (Controller Area Network) protocol implementation, specifically within the `xtp_rx_rts_session_new` function. The issue involves improper error handling when RTS (Request to Send) messages are received in close succession, which could lead to problematic session states. The fix replaces less informative kernel backtraces with a new method that provides clearer error messages and enables early termination of problematic sessions. While the CVSS score of 6.5 indicates medium severity, the CISA CSAF source marks the impact as 'Misinformed', suggesting the actual risk may be lower than initially assessed or that the vulnerability's impact was misunderstood in earlier analysis.
The vulnerability affects Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. Organizations should consult the Siemens ProductCERT advisory for specific patch availability and affected product configurations, as the advisory has undergone multiple revisions to clarify the scope of affected products.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE X-family managed switches (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families) that utilize CAN/J1939 protocol support. OT security teams, industrial network administrators, and asset owners in manufacturing, energy, transportation, and critical infrastructure sectors using Siemens SINEC OS-based devices should prioritize verification of affected configurations.
Technical summary
The vulnerability exists in the Linux kernel's net/can/j1939 subsystem, specifically in the `xtp_rx_rts_session_new` function that handles RTS (Request to Send) message processing for J1939 transport protocol sessions. When RTS messages are received in close succession, the error handling mechanism previously generated uninformative kernel backtraces without properly terminating problematic sessions. The remediation replaces this approach with clearer error reporting and explicit early session termination to prevent resource exhaustion or undefined state conditions. This affects Siemens industrial networking products that incorporate the vulnerable kernel code through SINEC OS.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed affected product configurations and patch availability
- Verify if SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices in your environment are configured with affected J1939 CAN protocol features
- Apply kernel updates or Siemens firmware patches as they become available to address the J1939 session handling vulnerability
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
- Implement network segmentation for CAN/J1939 networks to limit exposure of industrial communication protocols
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Advisory modified 2026-02-25 with republication based on Siemens ProductCERT SSA-355557. Impact marked 'Misinformed' in source threats data. Affected products include RUGGEDCOM RST2428P and SCALANCE X-family switches per CSAF product tree.
Official resources
- CVE-2023-52887 CVE record (CVE.org)
- CVE-2023-52887 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12