PatchSiren cyber security CVE debrief

CVE-2024-46725 Siemens CVE debrief

CVE-2024-46725 describes an out-of-bounds write vulnerability in the Linux kernel's drm/amdgpu driver, caused by an unchecked ring type value. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. CISA's advisory ICSA-25-226-07, which was republished on 2026-02-25 based on Siemens ProductCERT advisory SSA-355557, identifies this CVE as affecting Siemens industrial networking products that incorporate the vulnerable Linux kernel component. Specifically, the RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family are listed as affected products. The advisory's threat assessment categorizes the impact as 'Misinformed' for these product IDs. The vulnerability originates in the AMDGPU DRM (Direct Rendering Manager) driver's handling of ring buffer types, where insufficient validation of the ring type parameter can lead to out-of-bounds memory writes. This type of vulnerability typically requires local access or authenticated access to exploit, as it involves kernel driver interaction. The advisory has undergone multiple revisions, with significant updates in February 2026 including corrections to affected product lists and clarifications to product family configurations. No CVSS score or severity rating is provided in the available sources. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and there is no indication of known ransomware campaign use.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those using RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 product families. This includes critical infrastructure operators, manufacturing facilities, and utility providers deploying these devices in industrial control system environments.

Technical summary

CVE-2024-46725 is an out-of-bounds write vulnerability in the Linux kernel's AMDGPU DRM driver. The flaw exists due to insufficient validation of ring type values, which can result in writes outside allocated buffer boundaries. This vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel component, including RUGGEDCOM RST2428P switches and SCALANCE X-family industrial Ethernet switches. The vulnerability is classified with 'Misinformed' impact in the CISA advisory. As a kernel-level driver vulnerability, exploitation would typically require local access or the ability to interact with the DRM subsystem. The vulnerability was addressed through Linux kernel security updates, and Siemens has incorporated these fixes into affected product lines as detailed in advisory SSA-355557.

Defensive priority

medium

Recommended defensive actions

Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance and patch availability
Verify kernel versions on affected Siemens devices and apply vendor-provided updates when available
Implement network segmentation for industrial control systems to limit exposure of affected devices
Monitor CISA ICS advisories for updates to ICSA-25-226-07
Apply defense-in-depth strategies per CISA ICS recommended practices for industrial control systems

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The affected products are explicitly listed in the CSAF product tree with high confidence. The 'Misinformed' impact categorization appears in the threats section of the source advisory. The revision history confirms the advisory was republished on 2026-02-25 based on updated Siemens guidance. No CVSS vector or score is present in the source data.

Official resources

2025-08-12