PatchSiren cyber security CVE debrief
CVE-2024-3447 Cert Portal CVE debrief
CVE-2024-3447 affects QEMU’s SDHCI device emulation and can be triggered by a malicious guest to crash the host-side QEMU process. In the supplied Siemens/CISA advisory context, the issue is relevant to Siemens RUGGEDCOM ROX devices and is remediated by updating to V2.17.1 or later. The primary risk is availability: an attacker able to exercise the vulnerable guest path may cause a host denial of service.
- Vendor
- Cert Portal
- Product
- Siemens RUGGEDCOM ROX MX5000 vers:intdot/<2.17.1 RUGGEDCOM ROX MX5000RE RUGGEDCOM ROX RX1400 RUGGEDCOM ROX RX1500 RUGGEDCOM ROX RX1501 RUGGEDCOM ROX RX1510 RUGGEDCOM ROX RX1511 RUGGEDCOM ROX RX1512 RUGGEDCOM ROX RX1524 RUGGEDCOM ROX RX1536 RUGGEDCOM ROX RX5000
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-05-14
Who should care
Operators and security teams responsible for Siemens RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 deployments, especially where the affected software version is earlier than V2.17.1 and guest workloads are not fully trusted.
Technical summary
The advisory describes a heap-based buffer overflow in QEMU’s SDHCI emulation. The condition is triggered when both s->data_count and the size of s->fifo_buffer are 0x200, leading to an out-of-bounds access. The stated consequence is a crash of the QEMU process on the host, resulting in denial of service. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H, indicating a high-privilege guest-context trigger with availability impact only.
Defensive priority
High for affected Siemens RUGGEDCOM ROX deployments; medium in abstract CVSS terms because the impact is denial of service, but operationally important in industrial environments.
Recommended defensive actions
- Update affected Siemens RUGGEDCOM ROX systems to V2.17.1 or later, per the vendor remediation.
- Validate whether any deployed ROX model is in the affected product list and inventory all instances running versions earlier than V2.17.1.
- Treat guest-side access to the vulnerable QEMU path as a high-risk condition and minimize trust in guest workloads where possible.
- Apply ICS defense-in-depth and recommended practices from CISA to reduce the blast radius of host-side service disruption.
- Monitor for abnormal QEMU termination or service interruption and schedule remediation in a maintenance window appropriate for operational constraints.
Evidence notes
This debrief is based on the supplied CISA CSAF source for ICSA-26-134-16, which republishes Siemens ProductCERT advisory SSA-577017. The corpus states the vulnerability is a heap-based buffer overflow in QEMU SDHCI emulation, that a malicious guest can crash the host QEMU process, and that Siemens recommends updating to V2.17.1 or later. No evidence in the supplied material indicates code execution, data theft, or public exploitation.
Official resources
-
CVE-2024-3447 CVE record
CVE.org
-
CVE-2024-3447 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the supplied CISA CSAF advisory on 2026-05-12 and updated on 2026-05-14; these dates describe advisory publication and republication timing, not the original bug discovery date.