PatchSiren cyber security CVE debrief
CVE-2024-46689 Siemens CVE debrief
CVE-2024-46689 is a medium-severity vulnerability (CVSS 5.5) affecting Qualcomm System-on-Chip (SoC) command database (cmd-db) shared memory handling in the Linux kernel. The issue stems from incorrect memory mapping attributes: the cmd-db region is mapped as Write-Back (WB) cacheable when it should be Write-Combining (WC). Since Linux does not actually write to this region—it is write-protected by XPU (eXtended Protection Unit)—the WB mapping causes clean cache evictions to be falsely detected as write attempts. This triggers a secure interrupt that results in an endless loop within the Trust Zone, causing denial of service. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P and SCALANCE switch families, which incorporate the vulnerable Qualcomm components. The attack vector is local, requiring low privileges and no user interaction, with high availability impact but no confidentiality or integrity impact.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
- Organizations operating Siemens industrial networking equipment based on Qualcomm SoCs, particularly in critical infrastructure and OT environments.
- System administrators responsible for RUGGEDCOM RST2428P and SCALANCE XC/XR/XCM/XRM/XCH/XRH switch families.
- Security teams monitoring for denial-of-service conditions in embedded Linux systems with Trust Zone implementations.
- Asset owners requiring high availability in industrial control system networks.
Technical summary
The vulnerability exists in the Qualcomm command database (cmd-db) driver where shared memory is incorrectly mapped with Write-Back (WB) cacheability attributes instead of Write-Combining (WC). The cmd-db region is write-protected by the XPU (eXtended Protection Unit) and is not written to by Linux. However, with WB mapping, clean cache line evictions are misinterpreted by XPU as write operations into the protected region. This false positive triggers a secure interrupt that causes an infinite loop within the Trust Zone secure environment, resulting in system unavailability. The fix involves changing the memory mapping from WB to WC, eliminating the cache coherency traffic that triggers the XPU false positive.
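A source-audit sketch for the WB-to-WC change described above, added here as an example and not taken from the advisory or the kernel tree: it finds `memremap()` calls in C source text and reports any that request write-back caching. It assumes the text passed in is the cmd-db driver source behind a firmware build; `MEMREMAP_WB` and `MEMREMAP_WC` are the kernel's `memremap()` flags, while the sample fragment and its names are constructed.

```python
import re

# Constructed C fragment (hypothetical names, not kernel source); %s is the flag.
_TEMPLATE = """
static int example_probe(void)
{
    /* older trees used memremap(base, size, MEMREMAP_WB) here */
    hdr = memremap(res->base, res->size,
                   %s);
    return 0;
}
"""
SAMPLE_BEFORE = _TEMPLATE % "MEMREMAP_WB"
SAMPLE_AFTER = _TEMPLATE % "MEMREMAP_WC"

_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
_CALL = re.compile(r"\bmemremap\s*\(")

def memremap_calls(src):
    """Return [(line, flags)] for each memremap() call in C source text."""
    # Blank out comments but keep newlines so line numbers stay correct.
    src = _COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)
    found = []
    for m in _CALL.finditer(src):
        depth, args, cur = 1, [], []
        for ch in src[m.end():]:          # walk to the matching ')'
            depth += (ch == "(") - (ch == ")")
            if depth == 0:
                break
            if ch == "," and depth == 1:  # top-level argument separator
                args.append("".join(cur))
                cur = []
            else:
                cur.append(ch)
        args.append("".join(cur))
        # The third argument carries the MEMREMAP_* cacheability flags.
        flags = set(re.findall(r"MEMREMAP_\w+", args[2])) if len(args) > 2 else set()
        found.append((src.count("\n", 0, m.start()) + 1, flags))
    return found

def audit(src):
    """Classify source text; returns (verdict, lines of write-back mappings)."""
    calls = memremap_calls(src)
    if not calls:
        return "unknown", []
    wb = [line for line, flags in calls if "MEMREMAP_WB" in flags]
    if wb:
        return "vulnerable", wb
    return ("fixed" if all(f == {"MEMREMAP_WC"} for _, f in calls) else "review"), []
```

The commented-out write-back call in the sample is ignored, so a tree that only mentions the old flag in a comment is not reported as vulnerable.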
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products as specified in Siemens security advisory SSA-355557
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens support resources for specific configuration guidance in addition to version updates
- Implement network segmentation for industrial control systems to limit local attack vector exposure
- Monitor for unexpected device resets or unavailability that may indicate Trust Zone instability
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description is derived from the CISA CSAF advisory ICSA-25-226-07, which republishes Siemens ProductCERT advisory SSA-355557. The technical root cause—incorrect cacheability attributes causing XPU false positives—matches the Linux kernel commit that introduced the fix. The affected product list and remediation guidance are sourced directly from the CSAF product tree and remediation sections.
Official resources
- CVE-2024-46689 CVE record (CVE.org)
- CVE-2024-46689 NVD detail (NVD)
- Source item URL (cisa_csaf)