PatchSiren cyber security CVE debrief

CVE-2024-45003 Siemens CVE debrief

CVE-2024-45003 is a medium-severity Linux kernel vulnerability in the virtual filesystem (VFS) layer. It affects filesystems whose inode eviction callback may itself look up inodes, specifically ext4 with the ea_inode feature enabled and UBIFS with extended attributes (xattr). When such a lookup runs while the kernel is traversing the inode LRU (Least Recently Used) list during reclaim, a circular locking dependency can form and the kernel deadlocks. The resulting system hang is a denial-of-service condition that typically requires manual intervention or a reboot to clear.

The CVE was published on August 12, 2025, and modified on February 25, 2026, as part of CISA's republication of Siemens ProductCERT advisory SSA-355557. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P switches and multiple SCALANCE product families (XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300). The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low attack complexity, low privileges required and no user interaction, with high availability impact and no confidentiality or integrity impact. Although the CVE is not listed in CISA's Known Exploited Vulnerabilities catalog, organizations operating affected Siemens industrial network infrastructure should prioritize updating to V3.2 or later where available: a kernel-level deadlock on a switch in an industrial control system can disrupt critical operational technology environments.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking equipment, including RUGGEDCOM RST2428P switches and the SCALANCE XC/XR/XCM/XRM/XCH/XRH product families, in operational technology environments. System administrators responsible for Linux-based embedded systems in critical infrastructure, manufacturing, energy and transportation, where device availability is essential. Security teams that monitor industrial control system vulnerabilities and maintain patch management programs for OT assets.

Technical summary

The vulnerability exists in the Linux kernel's virtual filesystem layer. Certain filesystem implementations (ext4 with the ea_inode feature, UBIFS with xattr) may perform an inode lookup from within the inode eviction callback. When that callback runs under an inode LRU traversing context, a circular locking dependency can form and the kernel deadlocks. Triggering the condition requires local access with low privileges, and a successful trigger results in denial of service through a system hang. The CVSS 3.1 base score of 5.5 (Medium) reflects the local attack vector and high availability impact, with no confidentiality or integrity impact.

Defensive priority

Medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices per Siemens guidance
  • Review the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configuration and apply the vendor fixes specified in the Additional Information section of the advisory
  • Implement network segmentation for industrial control systems to limit exposure of affected devices
  • Monitor for system hangs or unresponsive behavior in affected devices that may indicate deadlock conditions
  • Establish maintenance windows for patching to minimize operational disruption in critical infrastructure environments
  • Consult Siemens ProductCERT advisory SSA-355557 for detailed product-specific remediation guidance
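A triage check a defender can run on a Linux host to see whether any mounted filesystem is in one of the affected configurations named in the technical summary (ext4 with ea_inode, UBIFS with xattr). This is an added example, not code from PatchSiren, Siemens or the kernel; it assumes e2fsprogs' dumpe2fs for live queries, treats every UBIFS mount as xattr-capable, and the sample /proc/mounts and dumpe2fs lines below are constructed.

```python
"""Exposure triage for CVE-2024-45003 (added example, not from the advisory).
Flags mounts matching the affected combinations in the debrief: ext4 with the
ea_inode feature, and UBIFS (xattr support is a kernel build option, assumed on).
"""
import re
import subprocess

# Constructed sample of /proc/mounts for offline demonstration.
SAMPLE_MOUNTS = """\
/dev/mmcblk0p2 / ext4 rw,relatime 0 0
ubi0:rootfs /data ubifs rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0
/dev/sda1 /var/log ext4 rw,noatime 0 0
"""

# Constructed samples of the relevant line from `dumpe2fs -h <device>`.
SAMPLE_DUMPE2FS = {
    "/dev/mmcblk0p2": "Filesystem features:      has_journal ext_attr ea_inode dir_index extent 64bit\n",
    "/dev/sda1": "Filesystem features:      has_journal ext_attr dir_index extent\n",
}

def parse_mounts(text):
    """Return (device, mountpoint, fstype) triples from /proc/mounts text."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            rows.append((fields[0], fields[1], fields[2]))
    return rows

def ext4_features(dumpe2fs_output):
    """Extract the feature flag set from `dumpe2fs -h` output."""
    m = re.search(r"^Filesystem features:\s*(.*)$", dumpe2fs_output, re.M)
    return set(m.group(1).split()) if m else set()

def affected_mounts(mounts_text, features_by_device):
    """List (mountpoint, reason) for mounts in an affected configuration."""
    hits = []
    for dev, mnt, fstype in parse_mounts(mounts_text):
        if fstype == "ubifs":
            hits.append((mnt, "ubifs with xattr support"))
        elif fstype == "ext4" and "ea_inode" in features_by_device.get(dev, set()):
            hits.append((mnt, "ext4 with ea_inode"))
    return hits

def live_features(device):
    """Query a real block device (needs root and e2fsprogs); not used offline."""
    out = subprocess.run(["dumpe2fs", "-h", device], capture_output=True, text=True)
    return ext4_features(out.stdout)
```

The check only identifies exposed filesystem configurations; it does not tell you whether the running kernel carries the fix, so pair it with the vendor firmware version (V3.2 or later for the listed devices).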

Evidence notes

Vulnerability description derived from CISA CSAF advisory ICSA-25-226-07 and Siemens ProductCERT SSA-355557. Affected products confirmed through CSAF product tree with high confidence. CVSS vector and remediation details sourced from official CISA CSAF JSON. Timeline dates reflect CVE publication (2025-08-12) and CISA republication update (2026-02-25) per advisory revision history.
