CVE-2024-46685 Siemens CVE debrief

Who should care

Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH series devices in manufacturing, energy, transportation, and critical infrastructure sectors. Security teams responsible for OT/ICS asset management and patch deployment should prioritize firmware updates.

Technical summary

The vulnerability exists in the pinctrl-single driver (drivers/pinctrl/pinctrl-single.c) where pcs_get_function() calls pinmux_generic_get_function() and dereferences the returned pointer without NULL checking. This can trigger a kernel oops or panic when the function lookup fails. The issue is classified as CWE-476 (NULL Pointer Dereference) with a CVSS 3.1 base score of 5.5 (MEDIUM). Attack vector is local, requiring low privileges and no user interaction. The vulnerability was addressed in the Linux kernel and subsequently incorporated into Siemens SINEC OS firmware updates.

Defensive priority

medium

Recommended defensive actions

• Apply vendor firmware updates to V3.2 or later version for affected Siemens RUGGEDCOM and SCALANCE products
• Verify current firmware version on affected industrial networking devices
• Implement network segmentation for industrial control systems per CISA recommended practices
• Monitor for anomalous system crashes or unexpected reboots on affected devices
• Review Siemens ProductCERT advisory SSA-355557 for additional product-specific guidance

Evidence notes

Vulnerability published 2025-08-12 per CVE record and CISA CSAF advisory ICSA-25-226-07. Modified 2026-02-25. CVSS 3.1 score 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. CWE-476 (NULL Pointer Dereference). Affects Siemens RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. Remediation: Update to V3.2 or later version per vendor advisory.

Official resources