PatchSiren cyber security CVE debrief
CVE-2024-38659 Siemens CVE debrief
CVE-2024-38659 is a medium-severity vulnerability (CVSS 5.5) in the Cisco enic driver affecting Siemens industrial networking products. The flaw stems from improper length validation of netlink attributes in the `enic_set_vf_port` function, which assumes fixed-length attributes (PORT_PROFILE_MAX for IFLA_PORT_PROFILE, PORT_UUID_MAX for IFLA_PORT_INSTANCE_UUID and IFLA_PORT_HOST_UUID). However, the underlying netlink policy validation in `do_setlink` only enforces maximum sizes, not exact sizes. This discrepancy can lead to out-of-bounds read operations during `memcpy` calls when processing undersized attributes, potentially causing denial of service conditions. The vulnerability was published on August 12, 2025, and affects Siemens RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. Siemens has released updates to address this issue.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial Ethernet switches in critical infrastructure, manufacturing, or process control environments should prioritize patching to prevent potential denial of service conditions.
Technical summary
The vulnerability exists in the `enic_set_vf_port` function which performs `memcpy` operations on netlink attributes IFLA_PORT_PROFILE, IFLA_PORT_INSTANCE_UUID, and IFLA_PORT_HOST_UUID without verifying that the actual attribute lengths match the expected fixed sizes (PORT_PROFILE_MAX and PORT_UUID_MAX). While the netlink policy `ifla_port_policy` validates these attributes as NLA_STRING or NLA_BINARY types with maximum length constraints, it does not enforce exact length matching. An attacker with local privileges can supply undersized attributes, triggering out-of-bounds memory reads during the `memcpy` operations and potentially causing system instability or denial of service.
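The gap between a maximum-length policy and a fixed-length copy, as an added userspace model in C (not the enic driver's code and not the vendor's patch). `model_nlattr`, `policy_max_accepts`, `copy_fixed_attr` and `make_attr` are hypothetical names, the policy check is simplified, and 40 and 16 are the values of PORT_PROFILE_MAX and PORT_UUID_MAX in the Linux uapi headers.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NLA_HDRLEN        4  /* netlink attribute header size */
#define PORT_PROFILE_MAX 40  /* as in Linux uapi if_link.h */
#define PORT_UUID_MAX    16

/* Userspace stand-in for one netlink attribute (model only). */
struct model_nlattr {
    uint16_t nla_len;                        /* header + payload, set by sender */
    uint16_t nla_type;
    unsigned char payload[PORT_PROFILE_MAX];
};

static int model_nla_len(const struct model_nlattr *a) { return (int)a->nla_len - NLA_HDRLEN; }

/* Simplified maximum-length policy: any payload up to max passes. */
int policy_max_accepts(const struct model_nlattr *a, int max)
{
    int len = model_nla_len(a);
    return len >= 0 && len <= max;
}

/* Hardened copy: reject unless the payload is exactly `fixed` bytes. */
int copy_fixed_attr(void *dst, const struct model_nlattr *a, int fixed)
{
    if (model_nla_len(a) != fixed)
        return -EINVAL;          /* undersized or oversized: never reach memcpy */
    memcpy(dst, a->payload, (size_t)fixed);
    return 0;
}

/* Constructed sample attribute carrying payload_len bytes of 'A'. */
struct model_nlattr make_attr(uint16_t type, int payload_len)
{
    struct model_nlattr a = { .nla_len = (uint16_t)(NLA_HDRLEN + payload_len), .nla_type = type };
    memset(a.payload, 'A', (size_t)payload_len);
    return a;
}

int main(void)
{
    unsigned char uuid[PORT_UUID_MAX];
    struct model_nlattr a = make_attr(1, 4);  /* constructed: type 1, 4-byte payload */
    printf("policy=%d copy=%d\n", policy_max_accepts(&a, PORT_UUID_MAX),
           copy_fixed_attr(uuid, &a, PORT_UUID_MAX));
    return 0;
}
```

A 4-byte payload passes the maximum-length policy but is refused by the exact-length check, which is the condition the fixed-size `memcpy` depends on.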
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to SINEC OS V3.1 or later for affected SCALANCE and RUGGEDCOM devices
- Review network segmentation to limit local access to switch management interfaces
- Monitor for anomalous netlink traffic or unexpected system crashes on affected devices
- Implement defense-in-depth strategies per CISA ICS recommended practices for industrial control systems
Evidence notes
Vulnerability description and affected products confirmed through CISA ICS advisory ICSA-25-226-15 and Siemens ProductCERT advisory SSA-613116. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, requiring low privileges and resulting in high availability impact.
Official resources
- CVE-2024-38659 CVE record (CVE.org)
- CVE-2024-38659 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12