PatchSiren cyber security CVE debrief
CVE-2024-36934 Siemens CVE debrief
A vulnerability in the Linux kernel's Brocade BNA (Brocade Network Adapter) driver could allow an out-of-bounds (OOB) read when processing user-supplied data. The issue stems from improper string termination: the driver allocates a kernel buffer sized exactly to the number of bytes copied from userspace, then passes this buffer to sscanf without ensuring NUL termination. This can cause sscanf to read beyond the buffer boundary. The vulnerability was resolved by switching from memdup_user to memdup_user_nul, which guarantees NUL termination. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The CVSS 3.1 vector indicates a local attack vector with low attack complexity, requiring low privileges and no user interaction, resulting in high availability impact.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches and RUGGEDCOM RST2428P devices. System administrators maintaining Linux kernel deployments with Brocade BNA hardware. Industrial control system operators relying on SINEC OS for network management.
Technical summary
The bna driver in the Linux kernel failed to ensure NUL termination of user-supplied buffers before passing them to sscanf, enabling out-of-bounds memory reads. The vulnerability is local, requires low privileges, and can cause denial of service (high availability impact). Resolution involves using memdup_user_nul to guarantee proper string termination.
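A user-space C model of the bug class described above, added here as an illustration and not taken from the driver or the advisory: `dup_exact` and `dup_nul` stand in for memdup_user and memdup_user_nul, and the arena, the stale bytes and the `addr:len` input format are constructed assumptions. The arena keeps the over-read inside known memory, so the effect on the parsed value is observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* User-space model (assumption): a fixed arena stands in for a kernel heap
 * chunk, so the bytes that follow the copied data are known and readable. */
#define ARENA_SZ 32
struct arena { char mem[ARENA_SZ]; };

/* Models memdup_user(): copies exactly n bytes and adds no terminator. */
static char *dup_exact(struct arena *a, const char *src, size_t n)
{
    if (n > ARENA_SZ - 1) return NULL;   /* leave room for a terminator */
    memcpy(a->mem, src, n);
    return a->mem;
}

/* Models memdup_user_nul(): same copy, then a NUL written at index n. */
static char *dup_nul(struct arena *a, const char *src, size_t n)
{
    char *p = dup_exact(a, src, n);
    if (p) p[n] = '\0';
    return p;
}

/* Parses "addr:len" (hex) from a write of n bytes; returns len or -1. */
static long parse_len(int use_nul, const char *user, size_t n)
{
    struct arena a;
    unsigned int addr, len;
    char *kbuf;

    memset(a.mem, 0, ARENA_SZ);
    memcpy(a.mem, "AAAAAA096", 9);       /* constructed stale heap bytes */
    kbuf = use_nul ? dup_nul(&a, user, n) : dup_exact(&a, user, n);
    if (!kbuf || sscanf(kbuf, "%x:%x", &addr, &len) != 2)
        return -1;
    return (long)len;
}

int main(void)
{
    /* The caller wrote 6 bytes: "1000:4" with no terminator. */
    printf("unterminated copy: len=0x%lx\n", parse_len(0, "1000:4", 6));
    printf("NUL-terminated copy: len=0x%lx\n", parse_len(1, "1000:4", 6));
    return 0;
}
```

With the exact-sized copy, sscanf keeps consuming the stale digits that follow the six copied bytes, so the parsed length no longer matches what was written; in the kernel the same scan runs past the end of the allocation.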
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to SINEC OS V3.1 or later for affected Siemens industrial networking products
- Review and update network segmentation controls for affected SCALANCE and RUGGEDCOM devices
- Monitor for anomalous local access attempts on systems running vulnerable kernel versions
- Validate that sscanf and similar string parsing operations in custom kernel modules properly handle buffer termination
- Consider implementing additional access controls to limit local privilege escalation paths on affected systems
Evidence notes
The vulnerability description indicates this is a kernel-level issue in the bna (Brocade Network Adapter) driver. The fix involves using memdup_user_nul instead of memdup_user to ensure proper NUL termination before sscanf operations. Siemens ProductCERT advisory SSA-613116 (referenced in CISA ICSA-25-226-15) identifies affected products and remediation guidance. The CVSS score of 5.5 (MEDIUM) with AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local exploitation with high availability impact but no confidentiality or integrity impact.
Official resources
- CVE-2024-36934 CVE record (CVE.org)
- CVE-2024-36934 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12