PatchSiren cyber security CVE debrief
CVE-2024-38578 Siemens CVE debrief
CVE-2024-38578 is a buffer overflow vulnerability in the eCryptfs kernel module affecting Siemens industrial networking products. The flaw stems from an incorrect buffer size calculation in the TAG 66 packet format handling, where the cipher code and checksum fields were omitted from the allocation size. This results in a 3-byte undersized buffer, causing write_tag_66_packet() to write up to 3 bytes past the allocated buffer boundary. The vulnerability is rated MEDIUM severity (CVSS 5.5) with a local attack vector requiring low privileges but no user interaction. Successful exploitation results in high availability impact (denial of service) with no confidentiality or integrity effects. The vulnerability was published on August 12, 2025, with subsequent advisory updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. Siemens has released firmware updates to address this issue.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure, including manufacturing facilities, critical infrastructure operators, and utility providers using affected SCALANCE switches or RUGGEDCOM devices. Security teams responsible for OT/ICS asset management and patch deployment should prioritize this update due to the local privilege requirement and potential for denial of service conditions on affected systems.
Technical summary
The vulnerability exists in write_tag_66_packet() within the eCryptfs kernel module. The TAG 66 Packet Format specification failed to account for cipher code (1 byte) and checksum (2 bytes) fields in buffer size calculations, resulting in a 3-byte allocation deficit. When constructing the packet, these fields are written beyond the allocated buffer boundary, causing heap or stack corruption depending on allocation context. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high availability impact only. Affected products include RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running vulnerable SINEC OS versions.
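The sizing error described above, shown as an added C illustration (not code from the advisory, Siemens, or the kernel). The 5-byte fixed overhead, the field order, the simple additive checksum and all function names are assumptions; only the 1-byte cipher code and 2-byte checksum sizes come from the text. A bounds-checked writer rejects the undersized buffer instead of writing 3 bytes past it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Only the 1-byte cipher code and 2-byte checksum come from the advisory;
 * the 5-byte fixed overhead and the field order are assumptions. */
#define FIXED_OVERHEAD  5
#define CIPHER_CODE_LEN 1
#define CHECKSUM_LEN    2

/* Flawed sizing as described: cipher code and checksum are not counted. */
size_t tag66_len_flawed(size_t id_len, size_t key_len) {
    return FIXED_OVERHEAD + id_len + key_len;
}
/* Corrected sizing: every field the writer emits is counted. */
size_t tag66_len_fixed(size_t id_len, size_t key_len) {
    return tag66_len_flawed(id_len, key_len) + CIPHER_CODE_LEN + CHECKSUM_LEN;
}
/* Append n bytes only if they fit; returns 0, or -1 if it would overrun. */
static int put(uint8_t *buf, size_t cap, size_t *off, const void *src, size_t n) {
    if (n > cap - *off) return -1;
    memcpy(buf + *off, src, n);
    *off += n;
    return 0;
}
/* Hypothetical bounds-checked builder (not the kernel function). Returns
 * bytes written, or -1 when cap cannot hold the complete packet. */
long tag66_build(uint8_t *buf, size_t cap, const uint8_t *id, size_t id_len,
                 uint8_t cipher_code, const uint8_t *key, size_t key_len) {
    uint8_t hdr[FIXED_OVERHEAD] = { 66, 0, 0, 0, 0 };
    uint8_t sum[CHECKSUM_LEN];
    size_t body = CIPHER_CODE_LEN + key_len + CHECKSUM_LEN, off = 0, i;
    uint16_t acc = 0;

    hdr[1] = (uint8_t)(id_len >> 8); hdr[2] = (uint8_t)id_len;
    hdr[3] = (uint8_t)(body >> 8);   hdr[4] = (uint8_t)body;
    for (i = 0; i < key_len; i++) acc = (uint16_t)(acc + key[i]);
    sum[0] = (uint8_t)(acc >> 8); sum[1] = (uint8_t)acc;
    if (put(buf, cap, &off, hdr, sizeof hdr) || put(buf, cap, &off, id, id_len) ||
        put(buf, cap, &off, &cipher_code, 1) || put(buf, cap, &off, key, key_len) ||
        put(buf, cap, &off, sum, sizeof sum))
        return -1;
    return (long)off;
}
int main(void) {
    uint8_t id[16] = {0}, key[32] = {0}, buf[64];  /* constructed inputs */
    printf("flawed cap: %ld, fixed cap: %ld\n",
           tag66_build(buf, tag66_len_flawed(16, 32), id, 16, 1, key, 32),
           tag66_build(buf, tag66_len_fixed(16, 32), id, 16, 1, key, 32));
    return 0;
}
```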
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates to V3.1 or later for affected SCALANCE and RUGGEDCOM products per Siemens ProductCERT advisory
- Review CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
- Monitor Siemens ProductCERT security advisories for additional updates to SSA-613116
- Verify eCryptfs usage on affected systems and assess local access controls to reduce exploitation risk
Evidence notes
Vulnerability description and technical details sourced from CISA CSAF advisory ICSA-25-226-15. Vendor attribution confirmed via CSAF product tree. CVSS vector and remediation guidance extracted from source advisory. Timeline derived from revision history showing initial publication 2025-08-12 and final update 2026-02-25.
Official resources
- CVE-2024-38578 CVE record (CVE.org)
- CVE-2024-38578 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12