PatchSiren cyber security CVE debrief
CVE-2024-46702 Siemens CVE debrief
CVE-2024-46702 describes a Linux kernel issue in the Thunderbolt subsystem where XDomain connections are not properly marked as unplugged when a router is removed. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. CISA republished this advisory on 2026-02-25 based on Siemens ProductCERT SSA-355557. The source advisory (ICSA-25-226-07) underwent multiple revisions, including corrections to affected products and removal of rejected CVEs in February 2026. Siemens RUGGEDCOM RST2428P and SCALANCE switch families are mentioned in the product context, though the threat data indicates these products are marked as 'Misinformed' regarding impact. No CVSS score or severity is available in the source data. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM and SCALANCE industrial network infrastructure with Thunderbolt connectivity, and administrators of Linux systems that use Thunderbolt XDomain networking features.
Technical summary
The vulnerability exists in the Linux kernel's Thunderbolt subsystem. When a Thunderbolt router is physically removed, XDomain connections (used for device-to-device networking over Thunderbolt cables) are not properly marked as unplugged. This can lead to stale connection states and potential resource management issues. The fix involves properly signaling XDomain unplug events when router removal is detected.
Defensive priority
low
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for product-specific guidance
- Verify Thunderbolt/XDomain configurations on affected industrial systems
- Apply vendor-provided firmware updates when available
- Follow CISA ICS recommended practices for defense-in-depth strategies
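For the configuration check above, the following added example (not taken from the Siemens or CISA advisories) inventories a Linux host's Thunderbolt bus and reports whether any XDomain connection is present. It assumes the kernel exposes the bus under `/sys/bus/thunderbolt/devices` with a `DEVTYPE=thunderbolt_*` line in each device's `uevent` file; the function name `tb_xdomain_inventory` is hypothetical.

```shell
#!/bin/sh
# Added example: triage a host for Thunderbolt XDomain (host-to-host) links.
# Assumption: sysfs layout <root>/bus/thunderbolt/devices/<dev>/uevent with a
# DEVTYPE= line (thunderbolt_domain, thunderbolt_device, thunderbolt_xdomain, ...).

# tb_xdomain_inventory [SYSFS_ROOT]   (hypothetical helper; defaults to /sys)
# Prints "name<TAB>devtype" per device, then a summary line.
# Return codes:
#   0 = no Thunderbolt bus registered on this host
#   1 = Thunderbolt bus present, no XDomain connection
#   2 = at least one XDomain connection present (the feature this CVE concerns)
tb_xdomain_inventory() {
    root="${1:-/sys}"
    bus="$root/bus/thunderbolt/devices"

    if [ ! -d "$bus" ]; then
        echo "summary: no Thunderbolt bus registered"
        return 0
    fi

    total=0
    xd=0
    for dev in "$bus"/*; do
        # Skip the unexpanded glob (empty bus) and entries without a uevent file.
        [ -e "$dev/uevent" ] || continue
        devtype=$(sed -n 's/^DEVTYPE=//p' "$dev/uevent")
        printf '%s\t%s\n' "${dev##*/}" "${devtype:-unknown}"
        total=$((total + 1))
        case "$devtype" in
            thunderbolt_xdomain) xd=$((xd + 1)) ;;
        esac
    done

    echo "summary: $total device(s), $xd XDomain link(s)"
    if [ "$xd" -gt 0 ]; then
        return 2
    fi
    return 1
}

# Usage on a live host:  tb_xdomain_inventory; echo "exit=$?"
```

A return code of 0 or 1 across a fleet supports deprioritizing this CVE for those hosts; hosts returning 2 are the ones to track against kernel or firmware updates.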
Evidence notes
Source: CISA CSAF advisory ICSA-25-226-07, republished 2026-02-25 based on Siemens SSA-355557. Threat category marked as 'Misinformed' for affected product IDs. No CVSS vector or score provided in source.
Official resources
- CVE-2024-46702 CVE record (CVE.org)
- CVE-2024-46702 NVD detail (NVD)
- Source item URL (cisa_csaf)