PatchSiren cyber security CVE debrief
CVE-2024-49973 Linux CVE debrief
CVE-2024-49973 describes a vulnerability in the Linux r8169 network driver as used with the Realtek RTL8125 Ethernet controller. The RTL8125 added fields to the tally counter block that the chip writes into host memory by DMA; a driver buffer sized for the older, shorter layout lets that DMA write run past the allocated region. This is a memory safety issue (an out-of-bounds write) that can corrupt kernel memory and destabilize the system. The CISA ICS advisory covering it, ICSA-25-226-07, was published on August 12, 2025 and republished on February 25, 2026. Siemens lists the CVE as affecting certain industrial networking products, including the RUGGEDCOM RST2428P and several SCALANCE families, although the CSAF source data marks the threat category for the tracked product IDs as 'Misinformed', so the impact assessment may since have been clarified or corrected. Organizations should consult vendor guidance for patch availability and apply updates according to their risk management procedures.
- Vendor: Linux
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
System administrators managing Siemens industrial networking equipment, including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. Organizations running SINEC OS with affected third-party kernel components should prioritize vendor patch review. Since the underlying flaw is in the Linux r8169 driver, administrators of general-purpose Linux hosts with RTL8125-based network interfaces are also affected and should track their distribution's kernel updates for this CVE. Industrial control system operators following CISA guidance for network infrastructure security.
Technical summary
The r8169 driver for Realtek RTL8125 Ethernet controllers contains a vulnerability in how it sizes the buffer that receives the chip's tally (hardware statistics) counters. The RTL8125 writes additional counter fields beyond the legacy layout, and the chip delivers the whole block by DMA without regard to how much memory the driver allocated for it. If the buffer is sized for the shorter layout, the DMA write extends past the allocated region into adjacent memory. Because the write is performed by the hardware rather than by CPU code, normal kernel bounds checks do not catch it, and the result can be memory corruption, a system crash, or other undefined behavior. The vulnerability is classified under CWE-787 (Out-of-bounds Write).
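The following is an added user-space model of the sizing mistake described above; it is not code from the page, the Linux kernel, or Siemens. It models the chip as something that writes a fixed number of bytes by DMA regardless of the driver's allocation, then compares a buffer sized from a legacy counter layout with one sized from the full layout the chip writes. The legacy struct is a simplified stand-in and the names of the extra RTL8125 fields are placeholders (assumptions); only the fact that the block grew matters for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counter block as the driver laid it out before the RTL8125 additions.
 * Simplified stand-in for the kernel's struct; not byte-accurate. */
struct legacy_counters {
    uint64_t tx_packets;
    uint64_t rx_packets;
    uint64_t tx_errors;
    uint32_t rx_errors;
    uint16_t rx_missed;
    uint16_t align_errors;
    uint32_t tx_one_collision;
    uint32_t tx_multi_collision;
    uint64_t rx_unicast;
    uint64_t rx_broadcast;
    uint32_t rx_multicast;
    uint16_t tx_aborted;
    uint16_t tx_underrun;
};

/* Block the RTL8125 actually writes: the legacy fields followed by
 * additional counters. The extra field names are placeholders
 * (assumption); what matters is that sizeof() grows. */
struct rtl8125_counters {
    struct legacy_counters legacy;
    uint64_t extra_counter_0;
    uint64_t extra_counter_1;
    uint64_t extra_counter_2;
    uint64_t extra_counter_3;
};

#define CANARY_BYTE 0x5a
#define CANARY_LEN  64

/* Model of the chip's tally dump: it writes exactly hw_len bytes at
 * dma_addr. Real DMA has no idea how large the driver's buffer is. */
static void chip_dump_tally(uint8_t *dma_addr, size_t hw_len)
{
    for (size_t i = 0; i < hw_len; i++)
        dma_addr[i] = (uint8_t)(i & 0xffu);
}

/* Allocate alloc_len bytes for the counters, place a canary right after
 * them, let the chip write hw_len bytes, and report whether the canary
 * survived: 1 = write stayed in bounds, 0 = adjacent memory was
 * overwritten, -1 = the model cannot represent this combination. */
int dma_write_stays_in_bounds(size_t alloc_len, size_t hw_len)
{
    if (hw_len > alloc_len + CANARY_LEN)
        return -1;
    uint8_t *region = malloc(alloc_len + CANARY_LEN);
    if (!region)
        return -1;
    memset(region, 0, alloc_len);
    memset(region + alloc_len, CANARY_BYTE, CANARY_LEN);

    chip_dump_tally(region, hw_len);

    int intact = 1;
    for (size_t i = 0; i < CANARY_LEN; i++) {
        if (region[alloc_len + i] != CANARY_BYTE) {
            intact = 0;
            break;
        }
    }
    free(region);
    return intact;
}

/* Pre-fix sizing: buffer allocated from the legacy layout while an
 * RTL8125 writes its full block. */
int vulnerable_counters_dma(void)
{
    return dma_write_stays_in_bounds(sizeof(struct legacy_counters),
                                     sizeof(struct rtl8125_counters));
}

/* Fixed sizing: buffer allocated from the full layout the chip writes. */
int fixed_counters_dma(void)
{
    return dma_write_stays_in_bounds(sizeof(struct rtl8125_counters),
                                     sizeof(struct rtl8125_counters));
}

int main(void)
{
    printf("legacy-sized buffer (%zu B), RTL8125 write (%zu B): %s\n",
           sizeof(struct legacy_counters), sizeof(struct rtl8125_counters),
           vulnerable_counters_dma() ? "in bounds" : "OVERFLOW");
    printf("full-sized buffer   (%zu B), RTL8125 write (%zu B): %s\n",
           sizeof(struct rtl8125_counters), sizeof(struct rtl8125_counters),
           fixed_counters_dma() ? "in bounds" : "OVERFLOW");
    return 0;
}
```

The canary stands in for whatever happens to sit after the driver's allocation in a real kernel; in the model the overrun is confined to memory the program owns, whereas on a live system the same write lands in unrelated kernel data. The general lesson is that a DMA buffer must be sized from the layout the device writes, not from the subset of fields the driver happens to consume.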
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product impact and patch guidance
- Confirm whether the kernel in use carries the r8169 fix: on general-purpose Linux hosts with RTL8125 interfaces, compare the running kernel with the fixed versions listed in the CVE record; on Siemens equipment the driver ships as part of the SINEC OS firmware, so compare the installed firmware version with the versions named in the advisory rather than looking for a driver version on the device
- Apply vendor-provided firmware updates for RUGGEDCOM RST2428P and SCALANCE families when available
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Implement network segmentation for industrial control systems per CISA recommended practices; this limits who can reach affected devices but does not remove the underlying driver defect
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. In the source data the threat category for the affected product IDs (CSAFPID-0006, CSAFPID-0002, CSAFPID-0003) is marked as 'Misinformed', which indicates that the impact assessment for those products was clarified or corrected after the original publication; readers should treat the current Siemens advisory text as authoritative on which products are affected. The advisory was republished by CISA on February 25, 2026, based on updated Siemens guidance.
Official resources
- CVE-2024-49973 CVE record (CVE.org)
- CVE-2024-49973 NVD detail (NVD)
- Source item: cisa_csaf
CISA published advisory ICSA-25-226-07 on August 12, 2025. Siemens ProductCERT issued security advisory SSA-355557, which addresses this and other third-party component vulnerabilities in SINEC OS.