PatchSiren cyber security CVE debrief
CVE-2024-46744 Siemens CVE debrief
A vulnerability in the Linux kernel's Squashfs filesystem implementation, affecting symbolic link handling, has been resolved. The issue involved insufficient validation of symbolic link sizes, which could lead to denial of service conditions. Siemens has identified this vulnerability as affecting multiple industrial networking product families that incorporate the vulnerable Linux kernel component. The vulnerability was published on August 12, 2025, with subsequent advisory updates through February 25, 2026, including corrections to affected product listings and clarifications regarding specific product family configurations.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly in critical infrastructure and manufacturing environments. System administrators responsible for RUGGEDCOM and SCALANCE device fleets. OT security teams managing firmware lifecycle for industrial control systems. Compliance officers tracking CVE remediation for NERC CIP, IEC 62443, or similar industrial cybersecurity frameworks. Siemens partners and integrators deploying affected product families in customer environments.
Technical summary
The vulnerability exists in the Linux kernel's Squashfs filesystem driver, specifically in the handling of symbolic link sizes. The resolution implements proper sanity checking of symbolic link size values to prevent potential denial of service conditions. The CVSS v3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector where an attacker with low privileges could cause high availability impact without user interaction. The vulnerability is classified under CWE-908 (Use of Uninitialized Resource). Affected Siemens products include RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family, which incorporate the vulnerable Linux kernel component in their firmware.
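To illustrate the class of defect the fix addresses (trusting an on-disk length field before using it), here is an added C example written for this debrief; it is not the kernel's squashfs code and uses a constructed, simplified record layout (a little-endian 32-bit size followed by the link target) and an assumed 4096-byte upper bound standing in for a page-size limit. It shows the sanity checks a parser needs before copying the target: the claimed size must be within a fixed bound, must not exceed the bytes actually present, and must fit the destination buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed upper bound on a symlink target (stands in for a page-size limit). */
#define SYMLINK_MAX_LEN 4096u

/* Constructed record layout (assumption, not the real squashfs inode):
 *   u32 little-endian symlink_size, then symlink_size bytes of target. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse one record. Returns 0 and a NUL-terminated target on success,
 * -1 if the record is rejected by any sanity check. */
int parse_symlink_record(const uint8_t *rec, size_t rec_len,
                         char *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < 4)
        return -1;

    uint32_t size = read_le32(rec);

    /* Bound the untrusted on-disk length by a fixed maximum. */
    if (size > SYMLINK_MAX_LEN)
        return -1;
    /* The length must not claim more bytes than the record holds. */
    if (size > rec_len - 4)
        return -1;
    /* Leave room for the terminating NUL in the caller's buffer. */
    if ((size_t)size + 1 > out_cap)
        return -1;

    memcpy(out, rec + 4, size);
    out[size] = '\0';
    return 0;
}

/* Build a constructed record with an arbitrary claimed size (may be wrong on
 * purpose). Returns the number of bytes written. */
static size_t build_record(uint32_t claimed, const char *target,
                           uint8_t *buf, size_t cap)
{
    size_t tlen = strlen(target);
    if (cap < 4 + tlen)
        return 0;
    buf[0] = (uint8_t)(claimed);
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed >> 16);
    buf[3] = (uint8_t)(claimed >> 24);
    memcpy(buf + 4, target, tlen);
    return 4 + tlen;
}

/* Well-formed record: claimed size matches the data present. */
int demo_good(char *out, size_t out_cap)
{
    uint8_t rec[64];
    size_t n = build_record(9, "/etc/motd", rec, sizeof rec);
    return parse_symlink_record(rec, n, out, out_cap);
}

/* Corrupted record: size field far beyond the fixed bound. */
int demo_oversized(void)
{
    char out[64];
    uint8_t rec[64];
    size_t n = build_record(0xFFFFFFFFu, "/etc/motd", rec, sizeof rec);
    return parse_symlink_record(rec, n, out, sizeof out);
}

/* Truncated record: size within bound but more than the bytes present. */
int demo_truncated(void)
{
    char out[64];
    uint8_t rec[64];
    size_t n = build_record(100, "/etc/motd", rec, sizeof rec);
    return parse_symlink_record(rec, n, out, sizeof out);
}

int main(void)
{
    char out[64];
    printf("good: %d (%s)\n", demo_good(out, sizeof out), out);
    printf("oversized: %d\n", demo_oversized());
    printf("truncated: %d\n", demo_truncated());
    return 0;
}
```

The three demo records show the cases a defender cares about: a consistent record is accepted, while a record whose size field is out of range or larger than the data present is rejected before any copy happens, which is the behaviour a missing sanity check would turn into a crash.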
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update availability
- Implement network segmentation for industrial control systems to limit exposure of affected devices
- Monitor Siemens ProductCERT security advisories for additional update guidance
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. Source advisory ICSA-25-226-07 underwent four revisions, with significant updates on 2026-02-12 (product list corrections), 2026-02-24 (configuration clarifications and rejected CVE removals), and 2026-02-25 (CISA republication based on Siemens SSA-355557). CVSS 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, requiring low privileges, resulting in high availability impact. CWE-908 (Use of Uninitialized Resource) referenced.
Official resources
- CVE-2024-46744 CVE record (CVE.org)
- CVE-2024-46744 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference), 7 entries