CVE-2024-46677 Siemens CVE debrief

Who should care

Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families. Critical infrastructure operators, manufacturing facilities, and utility providers using affected products in operational technology environments should prioritize assessment and patching.

Technical summary

The vulnerability resides in the Linux kernel's GTP (GPRS Tunneling Protocol) subsystem. The function gtp_encap_enable_socket() can return NULL when sockfd_lookup() fails, but calling code only checks for error pointers (IS_ERR), not NULL pointers. This coding error leads to a NULL pointer dereference that can crash the kernel. The CVSS 3.1 vector indicates local attack vector with low attack complexity, requiring low privileges and resulting in high availability impact. The vulnerability is rated MEDIUM severity with a base score of 5.5.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products
• For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult vendor documentation for specific configuration guidance
• Implement network segmentation to limit exposure of affected industrial control systems
• Monitor vendor security advisories for additional affected product announcements
• Apply defense-in-depth strategies per CISA ICS recommended practices

Evidence notes

CVE published 2025-08-12; CISA advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 referenced as authoritative source. Advisory modified 2026-02-25 with republication based on updated Siemens guidance.

Official resources