PatchSiren cyber security CVE debrief
CVE-2024-43883 Siemens CVE debrief
CVE-2024-43883 is a vulnerability in the Linux kernel's vhci-hcd driver, the virtual host controller on the client side of USB/IP. At several places the driver dropped its reference to an object before taking the new one, leaving a stale pointer that could still be dereferenced: a use-after-free. The upstream CVE record was assigned in 2024; the dates tracked in this debrief (published August 12, 2025, last modified February 25, 2026) are those of the CISA CSAF advisory entry. Siemens lists the RUGGEDCOM RST2428P (6GK6242-6PA00) as affected, although the CISA advisory records the impact assessment for the affected product identifiers as 'Misinformed'. The flaw originates in the upstream Linux kernel and reaches Siemens' SINEC OS through the kernel shipped as a third-party component. Consult Siemens ProductCERT advisory SSA-355557 for patch availability and affected configurations; the advisory has been revised several times to correct product scope and clarify affected configurations.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches, or SCALANCE industrial Ethernet devices running SINEC OS, should review this advisory. System administrators responsible for industrial control system infrastructure, OT security teams, and asset owners in critical infrastructure sectors using Siemens networking equipment should monitor for vendor patches. Security teams should also establish whether the vhci-hcd driver (the USB/IP client-side virtual host controller) is present and reachable on the affected firmware, since a kernel driver that is neither built in nor loaded cannot be triggered; on a vendor-built appliance such as SINEC OS that determination comes from Siemens, not from the operator's own kernel configuration.
Technical summary
The vhci-hcd driver in the Linux kernel contains a use-after-free caused by dropping an object reference before acquiring the replacement reference. Between the put and the get the driver holds a stale pointer; if the dropped reference was the last one to an object the driver is about to use again (for example when the "new" reference is to the same object), or a concurrent path follows the pointer in that window, the driver dereferences freed memory. The consequences range from a kernel crash (denial of service) to memory corruption that could be leveraged for privilege escalation. The vulnerability affects systems where the vhci-hcd driver is active, that is, where USB/IP client functionality is compiled in or loaded. For Siemens, this affects devices running SINEC OS builds that include the vulnerable kernel component. The CVSS 5.5 MEDIUM score reflects a local attack vector; the full vector string is not recorded in the stored evidence.
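To make the bug class concrete, the following C program is an added example; it is not code from the Linux kernel, from the vhci-hcd driver, or from Siemens. It models a counted reference with an invented struct obj and the helpers obj_get/obj_put (standing in for a kernel structure with an embedded refcount and its get/put helpers), and contrasts the buggy put-then-get ordering with the get-then-put ordering that the upstream fix's title describes. Release is simulated by a flag rather than a real free so the stale use is observable instead of being undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Toy model of the CVE-2024-43883 bug class (example code, not the kernel's).
 * An owner slot holds a counted reference to an object and must swap it for a
 * reference to another object, which may turn out to be the same object.
 * struct obj, obj_get and obj_put are invented names.
 */
struct obj {
    int refcount;
    int released;   /* set when the last reference goes away; stands in for kfree() */
};

static struct obj *obj_new(void)
{
    struct obj *o = calloc(1, sizeof(*o));
    if (o)
        o->refcount = 1;          /* the creator holds the first reference */
    return o;
}

static struct obj *obj_get(struct obj *o)
{
    if (o)
        o->refcount++;
    return o;
}

static void obj_put(struct obj *o)
{
    /* Real code frees here; memory is kept so the stale access is observable. */
    if (o && --o->refcount == 0)
        o->released = 1;
}

/*
 * Buggy ordering: drop the old reference, then take the new one. If newref is
 * the same object and the slot held its last reference, the object is already
 * released when newref is touched. Even with two distinct objects, *slot is a
 * stale pointer until the assignment lands, and a concurrent reader of the
 * slot follows it into freed memory. Returns 1 if a released object was used.
 */
static int swap_ref_buggy(struct obj **slot, struct obj *newref)
{
    int touched_released;

    obj_put(*slot);
    touched_released = newref->released;   /* the stale dereference */
    *slot = obj_get(newref);
    return touched_released;
}

/*
 * Fixed ordering, the shape of the upstream correction: gain the new reference
 * first, then release the old one. The object stays alive across the swap and
 * the slot never points at released memory.
 */
static int swap_ref_fixed(struct obj **slot, struct obj *newref)
{
    struct obj *old = *slot;
    int touched_released = newref->released;

    *slot = obj_get(newref);
    obj_put(old);
    return touched_released;
}

/*
 * Scenario: the slot holds the only reference to an object and is asked to
 * re-point at that same object (a lookup handed back the device already bound).
 * Returns 1 if the swap dereferenced a released object, 0 if it was safe;
 * *refcount_after receives the object's refcount once the swap is done.
 */
static int same_object_scenario(int use_fixed, int *refcount_after)
{
    struct obj *a = obj_new();
    struct obj *slot = a;        /* the slot owns the creator's reference */
    int uaf;

    if (!a)
        return -1;
    uaf = use_fixed ? swap_ref_fixed(&slot, a) : swap_ref_buggy(&slot, a);
    if (refcount_after)
        *refcount_after = a->refcount;
    free(a);
    return uaf;
}

/* Refcount left behind by the fixed swap: still exactly one owner. */
static int refcount_after_fixed_swap(void)
{
    int rc = -1;

    same_object_scenario(1, &rc);
    return rc;
}

int main(void)
{
    int uaf, rc = -1;

    uaf = same_object_scenario(0, &rc);
    printf("buggy order, same object: uaf=%d refcount=%d\n", uaf, rc);
    uaf = same_object_scenario(1, &rc);
    printf("fixed order, same object: uaf=%d refcount=%d\n", uaf, rc);
    return 0;
}
```

Build with `cc -Wall demo.c -o demo && ./demo`. The buggy order reports uaf=1 and the fixed order uaf=0; both leave a refcount of 1, which is the point: after the buggy swap the count looks healthy while the object has already been released, so a refcount check alone would not catch this class of bug.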
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for definitive affected product list and patch status, as the CISA advisory has undergone multiple corrections to product scope
- Verify the SINEC OS firmware version on affected Siemens devices against the versions Siemens lists as fixed; the kernel component is bundled with the firmware, so exposure is determined by the firmware release rather than by a separately patchable kernel
- Apply kernel updates or vendor-provided patches when available from Siemens for RUGGEDCOM RST2428P and other affected product families
- Monitor Siemens security advisories for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and SCALANCE XCM-/XRM-/XCH-/XRH-300 family for additional product-specific guidance
- Implement network segmentation for industrial control systems so that only trusted hosts can reach device management interfaces and any USB/IP-related interfaces
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-07. Siemens vendor identification confirmed through the CSAF product tree with high confidence. Impact assessment marked as 'Misinformed' in the source threats data for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The advisory revision history shows four updates, the most recent on February 25, 2026, republishing based on Siemens ProductCERT SSA-355557.
Official resources
- CVE-2024-43883 CVE record (CVE.org)
- CVE-2024-43883 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12