PatchSiren cyber security CVE debrief
CVE-2024-46737 Siemens CVE debrief
A vulnerability in the Linux kernel's NVMe-oF TCP target (nvmet-tcp) implementation can cause a kernel crash when command allocation fails. The flaw exists in the NVMe over Fabrics TCP transport layer, where improper handling of memory allocation failures leads to a NULL pointer dereference or similar crash condition. This affects Siemens industrial networking products that incorporate the vulnerable kernel component, specifically the RUGGEDCOM RST2428P switch and SCALANCE XC/XR/XCM/XRM/XCH/XRH switch families running SINEC OS. The vulnerability requires local access with low privileges to trigger, resulting in high availability impact through denial of service (system crash). Siemens has released firmware updates to address this issue.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH industrial Ethernet switches in critical infrastructure environments, particularly those with NVMe-oF TCP configurations. System administrators responsible for OT/ICS network maintenance and patch management should prioritize firmware updates. Security teams monitoring industrial control environments for availability risks and kernel-level vulnerabilities.
Technical summary
The vulnerability resides in the NVMe over Fabrics TCP target implementation (nvmet-tcp) within the Linux kernel. When the kernel fails to allocate command structures due to memory pressure or resource exhaustion, the error handling path contains a defect that triggers a kernel crash. This manifests as a denial-of-service condition requiring device restart. The flaw is classified as CWE-20 (Improper Input Validation) or related to improper error handling. Affected Siemens products incorporate this vulnerable kernel component in their SINEC OS firmware. The attack requires authenticated local access with low privileges, making exploitation dependent on prior compromise or insider access. No confidentiality or integrity impact is associated with this vulnerability; impact is limited to availability.
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices per Siemens guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration and patch guidance
- Implement network segmentation to limit local access to affected industrial control devices
- Monitor for anomalous system crashes or unexpected reboots on affected devices that may indicate exploitation attempts
- Apply defense-in-depth strategies for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates a kernel crash condition in nvmet-tcp when command allocation fails. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack vector with low privileges required, no user interaction, and high availability impact. Siemens ProductCERT advisory SSA-355557 provides vendor-specific context and remediation guidance. CISA advisory ICSA-25-226-07 was initially published 2025-08-12 and subsequently updated 2026-02-12, 2026-02-24, and 2026-02-25 to correct affected products and incorporate vendor advisory updates.
Official resources
-
CVE-2024-46737 CVE record
CVE.org
-
CVE-2024-46737 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12