PatchSiren cyber security CVE debrief

CVE-2024-45021 Siemens CVE debrief

A vulnerability in the Linux kernel's memory cgroup event control mechanism (memcg_write_event_control) allows a local, authenticated user to trigger a kernel oops (denial of service). The flaw exists in how the kernel handles event control file descriptors for memory cgroups. Affected Siemens industrial networking products incorporate vulnerable Linux kernel versions in their SINEC OS firmware. Successful exploitation results in system instability and potential service interruption. The vulnerability requires local access and low privileges, with no confidentiality or integrity impact, but high availability impact.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial Ethernet switches in critical infrastructure, manufacturing, or utility environments. System administrators responsible for OT/ICS network security and availability should prioritize patching during maintenance windows.

Technical summary

The vulnerability resides in memcg_write_event_control(), a Linux kernel function handling memory cgroup event notifications. Insufficient validation of user-supplied input allows a local attacker with low privileges to trigger a kernel oops, causing denial of service. The flaw is classified as CWE-20 (Improper Input Validation). Siemens industrial networking products running SINEC OS incorporate affected kernel versions. The CVSS 3.1 base score is 5.5 (Medium), with attack vector local, attack complexity low, privileges required low, and no user interaction needed. Impact is limited to availability (High); confidentiality and integrity are unaffected.

Defensive priority

Medium

Recommended defensive actions

  • Apply vendor-provided firmware updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family to V3.2 or later. For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT SSA-355
  • Implement defense-in-depth controls for industrial control systems per CISA recommended practices
  • Restrict local access to affected devices to authorized personnel only
  • Monitor for anomalous system crashes or unexpected reboots on affected devices
  • Review and apply Siemens security advisory SSA-355557 guidance for affected product configurations
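The "monitor for anomalous system crashes or unexpected reboots" action above can be turned into a simple check over syslog forwarded from the devices to a central collector. The script below is an added example written for this debrief, not PatchSiren's or Siemens' own tooling. The log lines, hostnames, timestamps and message texts are constructed for the example; the BSD-syslog line layout and the Linux "BUG:", "Oops:" and "Linux version" kernel messages are assumptions about what a collector would see, and real SINEC OS output may differ. It flags a kernel crash per host, records any function names seen in the following trace frames, and flags a boot marker as an unexpected reboot when no shutdown notice preceded it.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines, as a central collector might receive them from
# network devices. Hostnames, timestamps and message texts are made up for this
# example and are not real SINEC OS or RUGGEDCOM output.
SAMPLE_LOG = """\
Mar 03 10:14:02 ot-switch-01 kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
Mar 03 10:14:02 ot-switch-01 kernel: Oops: 0000 [#1] SMP
Mar 03 10:14:02 ot-switch-01 kernel: Call Trace:
Mar 03 10:14:02 ot-switch-01 kernel:  memcg_write_event_control+0x1a2/0x4b0
Mar 03 10:15:40 ot-switch-01 kernel: Linux version 5.10.0 (builder@buildhost) #1 SMP
Mar 03 11:00:00 ot-switch-02 init: Stopping system: shutting down for scheduled maintenance
Mar 03 11:03:12 ot-switch-02 kernel: Linux version 5.10.0 (builder@buildhost) #1 SMP
Mar 03 12:30:45 ot-switch-03 sshd[2201]: Accepted password for admin from 10.0.0.5 port 51022
"""

# BSD-style syslog line: "<timestamp> <host> <tag>: <message>" (assumed layout).
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<tag>[^:]+): ?(?P<msg>.*)$"
)
# Kernel messages that indicate a crash (oops, BUG, panic, GPF).
CRASH_RE = re.compile(r"\b(Oops:|BUG:|[Kk]ernel panic|general protection fault)")
# Stack-trace frame of the form "<function>+0x<offset>/0x<size>".
TRACE_FRAME_RE = re.compile(r"\b(?P<func>[A-Za-z_]\w*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# First kernel message after a (re)boot.
BOOT_RE = re.compile(r"^Linux version ")
# Messages that announce a planned shutdown or reboot.
SHUTDOWN_RE = re.compile(r"shutting down|Stopping system|reboot: Restarting system", re.IGNORECASE)


def analyze(log_text: str) -> list:
    """Return a list of findings (dicts) for kernel crashes and unexpected reboots.

    Per host we keep the currently open crash (so several crash lines from one
    event are reported once) and whether a planned-shutdown notice was seen since
    the last boot marker."""
    state = defaultdict(lambda: {"crash": None, "planned": False})
    findings = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a syslog line we understand; skip it
        ts, host, tag, msg = m.group("ts", "host", "tag", "msg")
        st = state[host]
        if tag == "kernel" and CRASH_RE.search(msg):
            if st["crash"] is None:
                st["crash"] = {"kind": "kernel_crash", "host": host,
                               "first_seen": ts, "functions": []}
                findings.append(st["crash"])
            continue
        if tag == "kernel" and st["crash"] is not None:
            fm = TRACE_FRAME_RE.search(msg)
            if fm and fm.group("func") not in st["crash"]["functions"]:
                st["crash"]["functions"].append(fm.group("func"))
        if SHUTDOWN_RE.search(msg):
            st["planned"] = True
        if tag == "kernel" and BOOT_RE.match(msg):
            if not st["planned"]:
                findings.append({"kind": "unexpected_reboot", "host": host, "ts": ts,
                                 "after_crash": st["crash"] is not None})
            # A boot closes any open crash and resets the planned-shutdown flag.
            st["crash"] = None
            st["planned"] = False
    return findings


def flagged_hosts(findings: list) -> set:
    """Hosts that produced at least one finding, for a quick triage list."""
    return {f["host"] for f in findings}


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

On the constructed sample the scheduled maintenance reboot of ot-switch-02 is not reported, while ot-switch-01 yields one crash finding (with memcg_write_event_control among the trace frames) and one unexpected reboot that followed it; a real deployment would feed the collector's stream into analyze() and alert on the returned findings.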

Evidence notes

CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Modified 2026-02-25. Advisory republished by CISA based on Siemens ProductCERT SSA-355557. CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. CWE-20 (Improper Input Validation) identified.

Official resources

2025-08-12