PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-42102 Siemens CVE debrief

A vulnerability in the Linux kernel's memory-management dirty-throttling logic: a now-reverted commit introduced a multiplication overflow on 32-bit architectures when dirty thresholds exceed the 32-bit range. The issue affects Siemens industrial networking products running vulnerable kernel versions.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: NONE
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Industrial control system operators using Siemens SCALANCE or RUGGEDCOM networking equipment; organizations running 32-bit Linux kernels in operational technology environments; security teams responsible for OT/ICS patch management.

Technical summary

The vulnerability stems from commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78 in the Linux kernel's mm/writeback subsystem. That change, since reverted, removed a (u64) cast from a multiplication in wb_dirty_limits(), so the product wb_thresh * bg_thresh overflows on 32-bit architectures whenever it exceeds the 32-bit range, a condition that the default settings on a system with 4GB of RAM already trigger. The same commit also introduced unnecessarily expensive div64_u64() operations. The revert is part of a patch series ensuring that dirty limits fit within 32-bit page units. Siemens has confirmed affected products in the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, the SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and the RUGGEDCOM RST2428P product line.
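To make the overflow concrete, here is an added stand-alone C model of the affected scaling; it is not kernel code and not part of this advisory. It assumes the per-writeback background threshold is computed as wb_thresh * bg_thresh / thresh in page units, models the 32-bit kernel's unsigned long with uint32_t, and uses a constructed 4 GiB scenario with vm.dirty_ratio = 20 and vm.dirty_background_ratio = 10.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not kernel code: models the per-writeback background
 * threshold scaling in wb_dirty_limits(), wb_thresh * bg_thresh / thresh,
 * in page units. On 32-bit kernels `unsigned long` is 32 bits wide, so it
 * is modelled here with uint32_t to reproduce the overflow on any host. */
typedef uint32_t kern_ulong;

/* Broken form (the reverted commit): the product is formed in 32 bits and
 * wraps before the division. */
kern_ulong wb_bg_thresh_broken(kern_ulong wb_thresh, kern_ulong bg_thresh,
                               kern_ulong thresh)
{
    if (thresh == 0)
        return 0;
    return (wb_thresh * bg_thresh) / thresh;
}

/* Fixed form (what the revert restores): widen to 64 bits before multiplying. */
kern_ulong wb_bg_thresh_fixed(kern_ulong wb_thresh, kern_ulong bg_thresh,
                              kern_ulong thresh)
{
    if (thresh == 0)
        return 0;
    return (kern_ulong)(((uint64_t)wb_thresh * bg_thresh) / thresh);
}

/* Check whether these inputs would trip the 32-bit multiplication. */
int product_overflows_32bit(kern_ulong a, kern_ulong b)
{
    return ((uint64_t)a * b) > UINT32_MAX;
}

int main(void)
{
    /* Constructed scenario: 4 GiB of RAM = 2^20 pages of 4 KiB,
     * vm.dirty_ratio = 20, vm.dirty_background_ratio = 10, and one
     * writeback context holding the whole global threshold. */
    kern_ulong total_pages = (kern_ulong)1 << 20;
    kern_ulong thresh = total_pages * 20 / 100;     /* 209715 pages */
    kern_ulong bg_thresh = total_pages * 10 / 100;  /* 104857 pages */
    kern_ulong wb_thresh = thresh;
    printf("overflows 32-bit: %d\n", product_overflows_32bit(wb_thresh, bg_thresh));
    printf("broken wb_bg_thresh: %u (expected %u)\n",
           (unsigned)wb_bg_thresh_broken(wb_thresh, bg_thresh, thresh),
           (unsigned)wb_bg_thresh_fixed(wb_thresh, bg_thresh, thresh));
    return 0;
}
```

With these inputs the product is about 2.2e10, so the 32-bit form yields 2456 pages where the widened form yields the correct 104857, showing how the threshold collapses on affected kernels.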

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to V3.1 or later for affected Siemens SCALANCE and RUGGEDCOM products
  • Review CISA ICS recommended practices for defense-in-depth strategies
  • Monitor Siemens ProductCERT advisories for additional affected product notifications
  • Validate dirty throttling configurations on 32-bit Linux systems in industrial environments

Evidence notes

CVE published 2025-08-12. CISA advisory ICSA-25-226-15 was published the same day, with subsequent updates through 2026-02-25. Siemens ProductCERT advisory SSA-613116 provides vendor remediation guidance.

Official resources

public