PatchSiren cyber security CVE debrief
CVE-2024-45492 Siemens CVE debrief
CVE-2024-45492 is a High-severity integer overflow issue in libexpat that Siemens lists in its ICS advisory for the RUGGEDCOM RST2428P and related product families. The flaw is described as occurring in nextScaffoldPart in xmlparse.c before libexpat 2.6.3, and it is specifically noted to affect 32-bit platforms where UINT_MAX equals SIZE_MAX. Siemens recommends updating affected products to V3.1 or later.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Operators and maintainers of Siemens deployments named in the advisory, especially RUGGEDCOM RST2428P (6GK6242-6PA00) and the other listed Siemens families, should review exposure. OT/ICS security teams should also care if their environment uses libexpat on 32-bit platforms or processes untrusted XML through affected Siemens software.
Technical summary
The advisory describes an integer overflow in nextScaffoldPart in libexpat's xmlparse.c, involving m_groupSize. The condition is called out for 32-bit platforms where UINT_MAX equals SIZE_MAX, i.e. where an unsigned int counter and a size_t byte count have the same width, so a wrapped count is not caught when converted to an allocation size. CISA's CSAF record rates the issue CVSS 7.3 High with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, indicating network-reachable exposure with low confidentiality, integrity, and availability impact.
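To make the platform condition concrete, here is an added example (not libexpat's code, and not taken from the advisory) of the overflow guard that a "double the array" growth step needs before it computes a byte count; the names scaffold_t, part_t, grow_parts and doubling_would_overflow are hypothetical, and the helper takes the target's SIZE_MAX as a parameter so the 32-bit case can be exercised on any host.

```c
/* Added example, not libexpat code: guarding a doubling growth step so that
 * neither the unsigned int capacity nor the size_t byte count can wrap.
 * On a 32-bit target (UINT_MAX == SIZE_MAX) the second check is the one
 * that matters, because new_size * sizeof(part_t) is computed in 32 bits. */
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

typedef struct {
    int first_child;   /* placeholder payload; hypothetical layout */
    int last_child;
    int next_sibling;
} part_t;

typedef struct {
    part_t *parts;
    unsigned int count; /* entries in use */
    unsigned int size;  /* capacity, grown by doubling */
} scaffold_t;

/* Pure check, no allocation: returns 1 if doubling `size` and then
 * multiplying by sizeof(part_t) would overflow on a target whose
 * SIZE_MAX is `target_size_max`, 0 otherwise. */
int doubling_would_overflow(unsigned int size, uint64_t target_size_max) {
    if (size > UINT_MAX / 2u)                       /* unsigned int wrap */
        return 1;
    uint64_t doubled = (uint64_t)size * 2u;
    return doubled > target_size_max / sizeof(part_t); /* size_t wrap */
}

/* Grows the array; returns 0 on success, -1 if growth would overflow on
 * this host or the allocation fails. The old buffer is kept on failure. */
int grow_parts(scaffold_t *s) {
    unsigned int new_size;
    if (s->size == 0) {
        new_size = 32;
    } else {
        if (doubling_would_overflow(s->size, (uint64_t)SIZE_MAX))
            return -1;
        new_size = s->size * 2u;
    }
    size_t bytes = (size_t)new_size * sizeof(part_t); /* cannot wrap now */
    part_t *tmp = realloc(s->parts, bytes);
    if (tmp == NULL)
        return -1;
    s->parts = tmp;
    s->size = new_size;
    return 0;
}
```

The same capacity that is harmless on a 64-bit build (doubling_would_overflow with a 64-bit SIZE_MAX returns 0) trips the guard when the 32-bit SIZE_MAX is passed, which is exactly why the advisory scopes the issue to 32-bit platforms.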
Defensive priority
High — prioritize affected Siemens OT assets, especially where the vulnerable library path may be reachable through attacker-controlled input. Siemens provides a vendor fix path, so patching should be scheduled promptly after validating product/version applicability.
Recommended defensive actions
- Confirm whether any Siemens products listed in the advisory are deployed, including RUGGEDCOM RST2428P and the other named families.
- Apply Siemens' recommended update path and move affected products to V3.1 or later.
- Pay special attention to 32-bit deployments, which are the platform condition explicitly identified in the advisory.
- Review any XML-processing exposure paths and reduce trust in externally supplied input until remediation is complete.
- Use the Siemens and CISA advisories to verify exact product/version applicability before maintenance windows.
Evidence notes
Source corpus states: 'An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).' The CISA CSAF advisory (ICSA-25-226-15) was initially published on 2025-08-12 and later republished on 2026-02-25 based on Siemens ProductCERT advisory SSA-613116. The advisory's remediation field directs users to update to V3.1 or later for affected products.
Official resources
- CVE-2024-45492 CVE record (CVE.org)
- CVE-2024-45492 NVD detail (NVD)
- CISA CSAF advisory ICSA-25-226-15
- Siemens ProductCERT advisory SSA-613116
Publicly disclosed in the CISA CSAF advisory on 2025-08-12, with a later CISA republication update on 2026-02-25 based on Siemens ProductCERT SSA-613116.