PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-46707 Siemens CVE debrief

CVE-2024-46707 is a Linux kernel KVM/arm64 bug, not a weakness in any Siemens firmware. On a host with a GICv3, if a guest has not been given a virtual GICv3 and the host cannot emulate a GICv2, a guest write to any of the ICC_*SGI*_EL1 registers is trapped to EL2; KVM then tries to emulate the SGI and dereferences a NULL pointer, because no private interrupt state was ever allocated for that guest. The upstream fix makes those registers UNDEF for such a guest, so the write raises an undefined-instruction exception in the guest instead of crashing the host. The CISA CSAF advisory ICSA-25-226-07, republished on 2026-02-25, explicitly marks this CVE as **Misinformed** for the listed Siemens products, meaning Siemens has assessed that the vulnerability does not apply to that industrial networking equipment. The CVE record in the stored evidence shows a publication date of 2025-08-12 and a last-modified date of 2026-02-25. No CVSS score or severity is assigned, and the CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Organizations should confirm the non-applicability against Siemens ProductCERT SSA-355557 for their specific product configurations rather than relying on the raw CVE text.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

Organizations running Siemens RUGGEDCOM or SCALANCE industrial networking equipment who received vulnerability alerts for CVE-2024-46707 (typically from scanners that match on the embedded Linux kernel version) should verify the Misinformed classification against the official Siemens ProductCERT advisory before opening remediation tickets. The CVE itself is real for Linux: security teams running KVM on arm64 hosts, especially hosts that run guests for untrusted tenants, should make sure the host kernel carries the fix, since on an unpatched host a guest created without an in-kernel vGIC can crash the host by writing to an ICC_*SGI*_EL1 register. ICS security practitioners can use this case as a reference for the difference between a vendor-assessed applicability statement and the raw scope of a CVE description.

Technical summary

This CVE covers a KVM/arm64 condition in the Linux kernel: when a guest has no virtual GICv3 and the host cannot emulate a GICv2, guest writes to the ICC_*SGI*_EL1 system registers are trapped to EL2 and KVM's SGI emulation path dereferences a NULL pointer, because no private interrupt state exists for a guest without a vGIC. The result is a host kernel crash triggered from guest context; the fix injects an UNDEF exception into the guest instead of attempting emulation. CISA and Siemens ProductCERT have assessed this as Misinformed for the listed Siemens industrial networking products (RUGGEDCOM RST2428P, the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family), indicating that the affected code path is not reachable on these systems, which do not host KVM guests.

Defensive priority

low

Recommended defensive actions

  • Verify against Siemens ProductCERT SSA-355557 that CVE-2024-46707 does not affect deployed Siemens RUGGEDCOM or SCALANCE product configurations, and close scanner findings that match only on kernel version with a reference to that advisory
  • Review CISA ICS recommended practices for general industrial control system security posture
  • Monitor Siemens security advisories for accurate vulnerability applicability to specific product versions
  • On arm64 KVM hosts, run a kernel that includes the upstream fix (ICC_*SGI*_EL1 made UNDEF when the guest has no vGICv3); until then, avoid running untrusted guests that were created without an in-kernel vGIC on hosts that cannot emulate a GICv2

Evidence notes

The source CSAF advisory ICSA-25-226-07 contains a `threats` entry with category 'impact' and details 'Misinformed' whose `product_ids` are CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The advisory revision history shows it was republished on 2026-02-25 based on Siemens ProductCERT SSA-355557. The CVE description itself describes a KVM/arm64 GICv3 register-trapping bug in the Linux kernel, but the vendor assessment recorded in the advisory indicates this does not affect the listed Siemens products.
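The applicability question raised in the technical summary and the evidence notes is answered by the `threats` and `product_status` objects of the CSAF document, not by the CVE text. The following is an added example, not code from PatchSiren, CISA or Siemens: it resolves CSAF product IDs to product names and reports, for one CVE, which products the vendor marks as affected, not affected, or annotated with an 'impact' threat such as 'Misinformed'. The advisory embedded below is a constructed stub shaped like a CISA republication; the product IDs reuse the identifiers quoted on this page, but which ID maps to which product name, and the extra CSAFPID-0009 product, are assumptions made for illustration.

```python
"""Resolve vendor applicability statements in a CSAF 2.0 advisory."""
import json
from typing import Dict, List, Optional

# Constructed CSAF 2.0 fragment. It is NOT the real ICSA-25-226-07 document.
# Product IDs reuse the identifiers quoted on the page; the ID-to-name
# assignments and the CSAFPID-0009 product are assumptions for illustration.
SAMPLE_CSAF = json.dumps({
    "document": {
        "title": "Siemens RUGGEDCOM and SCALANCE products (constructed sample)",
        "tracking": {"id": "ICSA-25-226-07", "status": "final"},
    },
    "product_tree": {
        "branches": [{
            "category": "vendor", "name": "Siemens",
            "branches": [
                {"category": "product_name", "name": "RUGGEDCOM RST2428P",
                 "product": {"product_id": "CSAFPID-0006",
                             "name": "RUGGEDCOM RST2428P (6GK6242-6PA00)"}},
                {"category": "product_name", "name": "SCALANCE XC-300",
                 "product": {"product_id": "CSAFPID-0002",
                             "name": "SCALANCE XC-300 family"}},
                {"category": "product_name", "name": "SCALANCE XCM-300",
                 "product": {"product_id": "CSAFPID-0003",
                             "name": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family"}},
                {"category": "product_name", "name": "Assumed product",
                 "product": {"product_id": "CSAFPID-0009",
                             "name": "Assumed product (constructed, for contrast)"}},
            ],
        }],
    },
    "vulnerabilities": [{
        "cve": "CVE-2024-46707",
        # Vendor-side applicability annotation, as described on the page.
        "threats": [{"category": "impact", "details": "Misinformed",
                     "product_ids": ["CSAFPID-0006", "CSAFPID-0002", "CSAFPID-0003"]}],
    }],
})

# CSAF 2.0 product_status keys worth surfacing in a triage report.
STATUS_KEYS = ("known_affected", "known_not_affected", "fixed", "under_investigation")


def load_sample() -> dict:
    """Parse the constructed sample advisory."""
    return json.loads(SAMPLE_CSAF)


def product_names(doc: dict) -> Dict[str, str]:
    """Map every product_id in product_tree to its full product name.

    Handles both the flat full_product_names list and the nested branches
    form that CISA and Siemens documents use; the first definition wins."""
    names: Dict[str, str] = {}
    tree = doc.get("product_tree", {})
    for fpn in tree.get("full_product_names", []):
        names.setdefault(fpn["product_id"], fpn["name"])

    def walk(branches: List[dict]) -> None:
        for branch in branches:
            product = branch.get("product")
            if product:
                names.setdefault(product["product_id"], product["name"])
            walk(branch.get("branches", []))

    walk(tree.get("branches", []))
    return names


def cve_applicability(doc: dict, cve: str) -> Optional[dict]:
    """Return the vendor's per-product statements for one CVE.

    Result keys: 'status' (product_status key -> names), 'threats'
    ('impact' details -> names) and 'unstated' (products in the tree that
    the vendor says nothing about). None if the advisory omits the CVE."""
    names = product_names(doc)
    for vuln in doc.get("vulnerabilities", []):
        if vuln.get("cve") != cve:
            continue
        result: dict = {"status": {}, "threats": {}, "unstated": []}
        stated = set()
        for key in STATUS_KEYS:
            ids = vuln.get("product_status", {}).get(key, [])
            if ids:
                result["status"][key] = [names.get(i, i) for i in ids]
                stated.update(ids)
        for threat in vuln.get("threats", []):
            if threat.get("category") != "impact":
                continue
            bucket = result["threats"].setdefault(threat.get("details", ""), [])
            for pid in threat.get("product_ids", []):
                bucket.append(names.get(pid, pid))
                stated.add(pid)
        result["unstated"] = [n for pid, n in names.items() if pid not in stated]
        return result
    return None


def is_misinformed(doc: dict, cve: str, product_id: str) -> bool:
    """True if an 'impact' threat with details 'Misinformed' names product_id."""
    for vuln in doc.get("vulnerabilities", []):
        if vuln.get("cve") != cve:
            continue
        for threat in vuln.get("threats", []):
            if (threat.get("category") == "impact"
                    and threat.get("details") == "Misinformed"
                    and product_id in threat.get("product_ids", [])):
                return True
    return False


if __name__ == "__main__":
    print(json.dumps(cve_applicability(load_sample(), "CVE-2024-46707"), indent=2))
```

Run it against a real CISA or Siemens CSAF JSON by replacing `load_sample()` with `json.load(open(path))`; a product that shows up under `unstated` has no vendor statement at all and should be treated as an open question, not as unaffected.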

Official resources

CISA ICS advisory ICSA-25-226-07 (published 2025-08-12, republished 2026-02-25); Siemens ProductCERT advisory SSA-355557