PatchSiren cyber security CVE debrief
CVE-2024-46679 Siemens CVE debrief
A vulnerability in the Linux kernel's ethtool subsystem could allow a local attacker to cause a denial-of-service condition. The flaw occurs when retrieving link settings without verifying that the network device is present, potentially leading to a NULL pointer dereference or use-after-free condition. Siemens has identified this vulnerability as affecting multiple industrial networking products running SINEC OS, including RUGGEDCOM RST2428P and SCALANCE switch families. The vulnerability requires local access and low privileges to exploit, with no impact to confidentiality or integrity, but high availability impact.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly in critical infrastructure and manufacturing environments. Security teams responsible for OT/ICS asset management, network administrators managing SCALANCE and RUGGEDCOM devices, and compliance officers tracking CVE remediation for industrial control systems.
Technical summary
The vulnerability exists in the Linux kernel's ethtool implementation where the ethtool_get_link_ksettings() function or related link settings retrieval paths fail to verify that the underlying network device is present before accessing device structures. This missing check can trigger when a network interface is removed or in a transient state during ethtool operations. The flaw results in a local denial-of-service condition exploitable by unprivileged users with local access. Siemens industrial networking products incorporating affected Linux kernel versions are vulnerable, specifically RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family running SINEC OS. The vulnerability was resolved in the upstream Linux kernel by adding device presence validation before accessing link settings.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
- Implement network segmentation for industrial control systems to limit local access vectors
- Monitor for anomalous ethtool or network interface enumeration activity on affected devices
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description indicates a missing device presence check in the ethtool link settings retrieval path. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack vector with low attack complexity and low privileges required, resulting in high availability impact only. Siemens ProductCERT advisory SSA-355557 provides affected product identification and remediation guidance. CISA republished this advisory as ICSA-25-226-07 with multiple revisions through February 2026 to correct affected product listings and clarify configuration requirements.
Official resources
- CVE-2024-46679 CVE record (CVE.org)
- CVE-2024-46679 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12