PatchSiren cyber security CVE debrief
CVE-2024-46755 Siemens CVE debrief
CVE-2024-46755 is a vulnerability in the Linux kernel's mwifiex wireless driver. The function `mwifiex_get_priv_by_id()` returns a private (`priv`) pointer based on `bss_num` and `bss_type` parameters without verifying whether that `priv` structure is currently in use. Unused `priv` pointers lack an attached `wiphy` structure, which can lead to NULL pointer dereferences in subsequent code paths that expect a valid `wiphy`. This represents a classic input validation issue (CWE-20) where the absence of a usage check allows dereference of uninitialized or stale structures. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products that incorporate the vulnerable Linux kernel component, specifically within their SINEC OS and related product lines. The CISA advisory ICSA-25-226-07, which republished Siemens' ProductCERT advisory SSA-355557, documents this third-party component vulnerability. Notably, the advisory's threat assessment categorizes the impact as 'Misinformed' for the affected product IDs, suggesting potential documentation or classification adjustments during the advisory lifecycle. Organizations running affected Siemens industrial networking equipment should consult vendor guidance for patch availability and apply kernel updates as provided through Siemens' product support channels.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P switches that utilize wireless capabilities through the mwifiex driver. OT security teams managing SINEC OS deployments and Linux-based industrial wireless infrastructure should prioritize vendor patch review.
Technical summary
The mwifiex driver in the Linux kernel contains a vulnerability in `mwifiex_get_priv_by_id()` where the function returns a `priv` pointer without checking if the corresponding BSS interface is actually in use. Unused `priv` structures lack a `wiphy` attachment, causing NULL pointer dereferences when subsequent code attempts to access `wiphy` fields. This is an input validation failure (CWE-20) in wireless interface management code.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed affected product configurations and patch availability
- Apply kernel updates through Siemens product support channels for affected SCALANCE and RUGGEDCOM devices
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Implement network segmentation for industrial wireless infrastructure per CISA ICS recommended practices
- Validate that unused BSS interfaces are properly disabled or removed from mwifiex configurations where feasible
Evidence notes
Vulnerability description derived from CVE-2024-46755 record and CISA CSAF source ICSA-25-226-07. Siemens vendor attribution and affected product information sourced from CSAF product tree with high confidence. Threat category 'Misinformed' documented in source threats array for product IDs CSAFPID-0006, CSAFPID-0002, CSAFPID-0003. Advisory revision history shows multiple updates through 2026-02-25, including removal of rejected CVEs and republication based on Siemens SSA-355557.
Official resources
-
CVE-2024-46755 CVE record
CVE.org
-
CVE-2024-46755 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12