PatchSiren cyber security CVE debrief
CVE-2024-46743 Siemens CVE debrief
CVE-2024-46743 is a HIGH severity (CVSS 7.1) out-of-bounds read vulnerability in the Linux kernel's Open Firmware (OF) interrupt handling code. The flaw exists in the interrupt map walk functionality within `of/irq`, where improper bounds checking on device addresses could allow a local attacker to read memory outside intended boundaries. This vulnerability was resolved in the upstream Linux kernel with a fix that prevents device address out-of-bounds reads during interrupt map traversal. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P switches and multiple SCALANCE switch families (XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families). The vulnerability requires local access with low privileges, can result in high confidentiality impact (information disclosure) and high availability impact, but does not affect integrity.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P industrial switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family switches in industrial control system (ICS) environments. System administrators responsible for Linux kernel security in embedded and industrial networking devices. Security teams managing OT/ICS infrastructure requiring defense-in-depth strategies against local privilege escalation and information disclosure vulnerabilities.
Technical summary
The vulnerability resides in the Linux kernel's Open Firmware (OF) interrupt subsystem (`drivers/of/irq.c`). During interrupt map walk operations, the code fails to properly validate device address boundaries, resulting in a potential out-of-bounds read (CWE-125). A local attacker with low privileges can trigger this condition to read sensitive kernel memory, leading to information disclosure and potential system instability. The attack requires local access and no user interaction, with successful exploitation yielding high impact to confidentiality and availability. The fix implements proper bounds checking to prevent reading beyond allocated device address structures during interrupt map parsing.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and available updates
- Implement network segmentation to limit local access to affected industrial switches
- Monitor for anomalous local access attempts to affected devices
- Apply defense-in-depth strategies for industrial control systems per CISA recommended practices
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Advisory modified 2026-02-25 with republication based on Siemens ProductCERT SSA-355557. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H confirms local attack vector with high confidentiality and availability impact, no integrity impact.
Official resources
- CVE-2024-46743 CVE record (CVE.org)
- CVE-2024-46743 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12