PatchSiren cyber security CVE debrief
CVE-2024-46739 Siemens CVE debrief
A NULL pointer dereference vulnerability exists in the Linux kernel's uio_hv_generic driver, specifically in the hv_uio_rescind function. This flaw can lead to a kernel crash (denial of service) when triggered. The vulnerability affects Siemens industrial networking products running SINEC OS, including RUGGEDCOM RST2428P switches and multiple SCALANCE switch families. The issue is rated MEDIUM severity with a CVSS 3.1 score of 5.5, requiring local access and low privileges to exploit. Siemens has released firmware updates to address this vulnerability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial switches in critical infrastructure, manufacturing, or utility environments. System administrators responsible for OT/ICS network security and availability should prioritize patching to prevent potential service disruptions.
Technical summary
The vulnerability resides in the uio_hv_generic Linux kernel driver, which provides userspace I/O support for Hyper-V devices. The hv_uio_rescind function fails to properly handle NULL pointer conditions, leading to a kernel NULL pointer dereference. Triggering it crashes the kernel and causes a denial of service. The flaw requires local access with low privileges and has no confidentiality or integrity impact, but a high availability impact. It affects Siemens industrial networking products whose SINEC OS firmware incorporates the vulnerable kernel component.
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to SINEC OS V3.2 or later. For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT
- Implement network segmentation for industrial control systems to limit local access
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor for anomalous system crashes or unexpected reboots on affected devices
- Review and apply Siemens security advisory SSA-355557 guidance for affected configurations
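The monitoring step above is easiest to operationalize on the log collector rather than on the switch itself. The script below is an added example (not Siemens or PatchSiren code) that scans forwarded syslog lines for the standard Linux kernel oops signatures and for boot banners that are not preceded by an orderly-shutdown marker, so a crash of the kind this CVE describes shows up as an alert instead of an unexplained availability gap. It assumes the device exports syslog in RFC 3164 style and that its kernel emits the usual Linux crash messages; the sample log lines, hostnames, kernel version string and addresses are constructed for illustration, and only the function name hv_uio_rescind comes from the advisory.

```python
"""Detect kernel oops events and unexpected reboots in forwarded syslog.

Added example; assumes RFC 3164-style lines ("Mon DD HH:MM:SS host message")
and standard Linux kernel crash wording. Sample data below is constructed.
"""
import re

# Common Linux kernel crash signatures. Exact wording varies by kernel version
# and CPU architecture, so extend this list for the platforms you monitor.
OOPS_PATTERNS = (
    re.compile(r"BUG: kernel NULL pointer dereference"),
    re.compile(r"Unable to handle kernel NULL pointer dereference"),
    re.compile(r"\bOops\b"),
    re.compile(r"Kernel panic - not syncing"),
)
# Frame line naming the faulting function (x86 "RIP: 0010:func+0x..", arm64 "pc : func+0x..").
FRAME_RE = re.compile(r"\b(?:RIP|pc)\s*:\s*(?:[0-9a-f]+:)?(?P<func>[A-Za-z_][A-Za-z0-9_]*)\+")
# Kernel boot banner: the device came (back) up.
BOOT_RE = re.compile(r"\bLinux version \S+")
# Orderly shutdown markers; a boot banner that follows one of these is expected.
CLEAN_RE = re.compile(r"reboot: (?:Restarting system|Power down)|Reached target (?:Reboot|Power-Off|Shutdown)")
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def scan_syslog(text):
    """Return a list of alert dicts (host, ts, kind, func, detail) found in text."""
    alerts = []
    state = {}  # per-host: have we seen it up, is an oops in progress, was shutdown clean
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a line in the expected syslog shape; ignore it
        ts, host, msg = m.group("ts"), m.group("host"), m.group("msg")
        st = state.setdefault(host, {"seen": False, "in_oops": False, "clean": False, "oops": None})

        if BOOT_RE.search(msg):
            if st["in_oops"]:
                # A boot right after an oops is the crash-induced restart itself.
                alerts.append({"host": host, "ts": ts, "kind": "unexpected_reboot",
                               "func": st["oops"]["func"], "detail": "reboot after kernel oops"})
            elif st["seen"] and not st["clean"]:
                # Device was up, no shutdown marker, now booting: silent reset (watchdog, power, ...).
                alerts.append({"host": host, "ts": ts, "kind": "unexpected_reboot",
                               "func": None, "detail": "reboot with no shutdown marker or oops in log"})
            st.update(seen=True, in_oops=False, clean=False, oops=None)
            continue

        st["seen"] = True
        if CLEAN_RE.search(msg):
            st["clean"] = True
        elif any(p.search(msg) for p in OOPS_PATTERNS):
            if not st["in_oops"]:
                # First crash line opens an incident; later oops lines are folded into it.
                st["oops"] = {"host": host, "ts": ts, "kind": "kernel_oops", "func": None, "detail": msg}
                alerts.append(st["oops"])
                st["in_oops"] = True
        elif st["in_oops"] and st["oops"]["func"] is None:
            fm = FRAME_RE.search(msg)
            if fm:
                st["oops"]["func"] = fm.group("func")  # attribute the crash to a function
    return alerts


# Constructed sample: host -01 crashes in hv_uio_rescind and restarts, host -02
# reboots cleanly, host -03 reboots with no explanation in the log.
SAMPLE_LOG = """\
Aug 12 10:14:01 rst2428p-01 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010
Aug 12 10:14:01 rst2428p-01 kernel: Oops: 0000 [#1] SMP
Aug 12 10:14:01 rst2428p-01 kernel: RIP: 0010:hv_uio_rescind+0x1c/0x60 [uio_hv_generic]
Aug 12 10:14:45 rst2428p-01 kernel: Linux version 0.0.0-constructed (builder@example) #1 SMP
Aug 12 11:00:00 rst2428p-02 kernel: reboot: Restarting system
Aug 12 11:00:40 rst2428p-02 kernel: Linux version 0.0.0-constructed (builder@example) #1 SMP
Aug 12 11:30:00 rst2428p-03 sshd[412]: Accepted publickey for admin from 192.0.2.10 port 50122
Aug 12 11:31:15 rst2428p-03 kernel: Linux version 0.0.0-constructed (builder@example) #1 SMP
"""

if __name__ == "__main__":
    for a in scan_syslog(SAMPLE_LOG):
        print(f"{a['ts']} {a['host']} {a['kind']} func={a['func']} ({a['detail']})")
```

Feed the function the raw syslog stream for the affected switches; a `kernel_oops` alert naming a function is the signal to correlate with the SSA-355557 patch status of that device, and an `unexpected_reboot` with no oops in the log is worth a look even when no crash message was captured, because an unpatched device may reset before its last kernel lines reach the collector.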
Evidence notes
Vulnerability disclosed via CISA ICS advisory ICSA-25-226-07, republished 2026-02-25 based on Siemens ProductCERT SSA-355557. Affects SINEC OS-based Siemens industrial switches. Kernel-level NULL pointer dereference in Hyper-V UIO driver component.
Official resources
- CVE-2024-46739 CVE record (CVE.org)
- CVE-2024-46739 NVD detail (NVD)
- Source item URL: cisa_csaf
2025-08-12