PatchSiren cyber security CVE debrief
CVE-2024-46747 Siemens CVE debrief
CVE-2024-46747 describes a slab-out-of-bounds read vulnerability in the Linux kernel's HID cougar driver. The `cougar_report_fixup` function for the Cougar 500k Gaming Keyboard failed to verify that the report descriptor size was correct before accessing it, potentially leading to memory corruption or information disclosure. This vulnerability was originally published in the Linux kernel context but appears in Siemens industrial control system advisories due to third-party component usage in SINEC OS and related network infrastructure products. The CISA ICS advisory ICSA-25-226-07, published 2025-08-12 and most recently modified 2026-02-25, tracks this vulnerability as part of Siemens' third-party component security assessment. Notably, the advisory's threat assessment categorizes the impact for affected Siemens products as 'Misinformed,' suggesting the vulnerability may not be directly exploitable in the specific product configurations or that the risk assessment differs from the original CVE context. The advisory underwent significant revision in February 2026, including corrections to affected product lists and removal of multiple rejected CVEs, indicating active maintenance of accuracy. Organizations running Siemens SCALANCE or RUGGEDCOM products with SINEC OS should verify their specific product configurations against Siemens' SSA-355557 advisory to determine actual exposure, as the affected product list has been subject to correction.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial network infrastructure including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P switches with SINEC OS; industrial control system administrators managing Linux-based embedded systems with HID device support; security teams tracking third-party component vulnerabilities in OT/ICS environments
Technical summary
The vulnerability exists in the `cougar_report_fixup` function within the Linux kernel's HID (Human Interface Device) subsystem, specifically for the Cougar 500k Gaming Keyboard driver. The function fails to validate the report descriptor size before memory access, resulting in a slab-out-of-bounds read condition. In the Siemens product context, this vulnerability is tracked as a third-party component issue within SINEC OS, which powers various industrial network infrastructure products including SCALANCE switches and RUGGEDCOM devices. The CISA advisory's 'Misinformed' threat categorization suggests that either the vulnerability is not exploitable in the specific product configurations, the risk has been reassessed, or the initial correlation may have been inaccurate. The advisory's revision history demonstrates ongoing accuracy improvements, with affected product corrections in February 2026 and removal of 15 rejected CVEs.
Defensive priority
medium
Recommended defensive actions
- Verify specific Siemens product configuration against Siemens ProductCERT SSA-355557 to confirm exposure status, as the affected product list was corrected in February 2026
- Review SINEC OS and embedded Linux kernel versions in use for inclusion of vulnerable HID cougar driver code
- Apply kernel updates or Siemens firmware patches that address third-party component vulnerabilities when available
- Implement network segmentation for industrial control systems to limit exposure of HID-related attack surfaces
- Monitor CISA ICS advisories for updates to ICSA-25-226-07, which has undergone multiple revisions since initial publication
Evidence notes
Vulnerability originates in Linux kernel HID subsystem (cougar driver). CISA ICS advisory ICSA-25-226-07 tracks this as third-party component in Siemens SINEC OS. Advisory threat assessment marks impact as 'Misinformed' for listed product IDs. Revision history shows active correction of affected products (2026-02-12) and removal of rejected CVEs (2026-02-24).
Official resources
-
CVE-2024-46747 CVE record
CVE.org
-
CVE-2024-46747 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12