CVE-2022-48666 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE X-family industrial Ethernet switches (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families) in critical infrastructure or industrial control environments should assess their exposure to this vulnerability.

Technical summary

This vulnerability exists in the SCSI (Small Computer Systems Interface) core subsystem of the Linux kernel. A use-after-free condition occurs when memory is accessed after it has been freed, potentially leading to memory corruption, denial of service, or code execution. The vulnerability affects Siemens industrial networking equipment running SINEC OS that incorporates the vulnerable kernel component. The CISA advisory indicates the threat impact is categorized as 'Misinformed' for the affected product configurations, suggesting potential for information disclosure or integrity issues rather than direct system compromise.

Defensive priority

medium

Recommended defensive actions

• Review Siemens ProductCERT advisory SSA-355557 for detailed product impact and patch guidance
• Verify SINEC OS version and affected product configurations against vendor documentation
• Apply vendor-provided security updates when available
• Implement network segmentation for industrial control systems per CISA recommended practices
• Monitor CISA ICS advisories for additional updates to ICSA-25-226-07

Evidence notes

CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Advisory modified 2026-02-25 with republication based on Siemens ProductCERT SSA-355557. Threat impact categorized as 'Misinformed' per source threats array. Affected products include RUGGEDCOM RST2428P and SCALANCE X-family switches per CSAF product tree.

Official resources