PatchSiren

CVE-2024-38634 Siemens CVE debrief

A race condition in the Linux kernel's MAX3100 serial driver could allow local attackers to trigger a kernel warning or potentially cause undefined behavior. The vulnerability exists because uart_handle_cts_change() was called without holding the required port lock when running in a separate workqueue context. Siemens has identified this issue as affecting certain industrial networking products running SINEC OS, with updates available to address the flaw.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: NONE
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial networking equipment should prioritize patching. System administrators managing Linux-based embedded systems with MAX3100 serial hardware should ensure kernel updates are applied.

Technical summary

The MAX3100 serial driver in the Linux kernel contains a race condition where uart_handle_cts_change() is called from a workqueue context without holding the required port->lock. This function requires the lock to be held for proper synchronization. When called without it, the kernel generates a WARNING splat indicating the locking violation. The fix explicitly acquires port->lock before the call. Siemens products running SINEC OS incorporate this kernel code and are affected, with patches available in SINEC OS V3.1 and later.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided updates to SINEC OS V3.1 or later for affected Siemens SCALANCE and RUGGEDCOM products
  • For products where patching is not immediately feasible, implement network segmentation to limit access to device management interfaces
  • Monitor for anomalous system behavior or kernel warnings on affected devices
  • Review CISA ICS recommended practices for defense-in-depth strategies for industrial control systems

Evidence notes

The vulnerability was resolved in the Linux kernel by ensuring port->lock is explicitly held when calling uart_handle_cts_change() in the max3100 workqueue handler. Without this lock, the kernel produces a warning splat at drivers/tty/serial/serial_core.c:3491. Siemens ProductCERT published advisory SSA-613116 addressing this in their SINEC OS-based products, with CISA republishing as ICSA-25-226-15 on 2025-08-12 and updating through 2026-02-25.
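
To support the monitoring action above, the following Python example scans collected kernel log lines for the WARNING splat raised inside uart_handle_cts_change() and records whether max3100 appears in the same trace. It is an added example, not code from the Siemens advisory or the kernel fix. Assumptions: the function name find_cts_lock_splats is hypothetical, the lines in SAMPLE_LOG are constructed, and matching is done on the function name because the reported line number depends on the kernel build.

```python
import re

# Header of a kernel WARNING splat:
#   "WARNING: CPU: N PID: N at <file>:<line> <func>+0x.../0x..."
WARN_RE = re.compile(
    r"WARNING: CPU: \d+ PID: \d+ at (?P<file>\S+):(?P<line>\d+) (?P<func>\w+)\+0x"
)
END_RE = re.compile(r"---\[ end trace")


def find_cts_lock_splats(lines):
    """Return one dict per WARNING raised inside uart_handle_cts_change()."""
    hits, current = [], None
    for raw in lines:
        m = WARN_RE.search(raw)
        if m:
            # A new splat starts; track it only if it is the one described here.
            current = None
            if (m["func"] == "uart_handle_cts_change"
                    and m["file"].endswith("serial_core.c")):
                current = {"file": m["file"], "line": int(m["line"]),
                           "max3100_in_trace": False}
                hits.append(current)
        elif current is not None:
            # Lines between the header and the end marker belong to the splat.
            if "max3100" in raw:
                current["max3100_in_trace"] = True
            if END_RE.search(raw):
                current = None
    return hits


# Constructed sample input (not taken from a real device).
SAMPLE_LOG = """\
[  101.200001] max3100 spi0.0: constructed probe message
[  101.512345] ------------[ cut here ]------------
[  101.512350] WARNING: CPU: 0 PID: 5 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0
[  101.512361] Workqueue: max3100-0 max3100_work [max3100]
[  101.512370] Call Trace:
[  101.512374]  max3100_work+0x12a/0x340 [max3100]
[  101.512380]  process_one_work+0x1a0/0x3c0
[  101.512399] ---[ end trace 0000000000000000 ]---
[  230.000100] ------------[ cut here ]------------
[  230.000105] WARNING: CPU: 1 PID: 77 at net/core/dev.c:1234 example_unrelated+0x10/0x20
[  230.000120] ---[ end trace 0000000000000000 ]---
""".splitlines()

if __name__ == "__main__":
    for hit in find_cts_lock_splats(SAMPLE_LOG):
        print(hit)
```

A hit with max3100_in_trace set to False still indicates the same missing-lock warning, but raised from a different serial driver's call path.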
