PatchSiren cyber security CVE debrief
CVE-2024-46759 Siemens CVE debrief
CVE-2024-46759 is a medium-severity (CVSS 5.5) integer underflow vulnerability in the Linux kernel's hwmon adc128d818 driver. The flaw occurs when user-provided limit attributes are processed: DIV_ROUND_CLOSEST() is called after kstrtol() without proper bounds checking, causing an underflow when large negative numbers (e.g., -9223372036854775808) are supplied. The fix reorders clamp_val() and DIV_ROUND_CLOSEST() operations to prevent the underflow. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P and SCALANCE switch families running SINEC OS. The vulnerability was published on August 12, 2025, with the advisory last modified on February 25, 2026.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families running SINEC OS. OT security teams managing Linux-based industrial control systems with hardware monitoring capabilities should prioritize patching.
Technical summary
The adc128d818 hardware monitoring driver in the Linux kernel contains an integer underflow vulnerability in its limit attribute handling. When a user writes a large negative value to a limit attribute, the kstrtol() function converts it to a signed long, which DIV_ROUND_CLOSEST() then operates on before clamp_val() can enforce bounds. This ordering allows the underflow to occur. The resolution reorders these operations so that clamp_val() executes before DIV_ROUND_CLOSEST(), ensuring the value is bounded before arithmetic operations. This is a local vulnerability requiring authenticated access with low privileges, with impact limited to availability (system crash or instability).
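The following is an added illustration of the ordering bug described above; it is not code from the kernel driver, from Siemens, or from this debrief. It reimplements the kernel's signed DIV_ROUND_CLOSEST rounding rule (add or subtract half the divisor, then divide) and a clamp helper, then runs the same user input through the pre-fix order (round, then clamp) and the post-fix order (clamp, then round). The register scale (12-bit register, 625 microvolt LSB), the function names and the use of compiler overflow builtins to emulate the wrap-around deterministically are assumptions made for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed register scaling for the limit registers: 12-bit register
 * (0..4095) with one LSB per 625 microvolts. These constants are
 * illustrative assumptions, not copied from the driver. */
#define REG_MAX  4095L
#define LSB_UV   625L

struct limit_result {
	long regval;      /* value that would be written to the limit register */
	bool overflowed;  /* true if the rounding step wrapped around */
};

/* Reimplementation of the kernel's signed DIV_ROUND_CLOSEST rounding rule
 * (x +/- divisor/2, then truncating division). Where the plain C expression
 * would overflow, this emulates two's-complement wrap-around and reports it,
 * so the defect can be shown deterministically instead of invoking UB. */
static long div_round_closest_checked(long x, long divisor, bool *overflowed)
{
	long half = divisor / 2;
	long adjusted;

	if ((x > 0) == (divisor > 0)) {
		if (__builtin_add_overflow(x, half, &adjusted)) {
			*overflowed = true;
			adjusted = (long)((unsigned long)x + (unsigned long)half);
		}
	} else {
		if (__builtin_sub_overflow(x, half, &adjusted)) {
			*overflowed = true;
			adjusted = (long)((unsigned long)x - (unsigned long)half);
		}
	}
	return adjusted / divisor;
}

static long clamp_val(long v, long lo, long hi)
{
	return v < lo ? lo : (v > hi ? hi : v);
}

/* Ordering before the fix: round first, then clamp the (possibly wrapped)
 * result. LONG_MIN - 312 wraps to a huge positive number, which the clamp
 * then turns into the maximum register value instead of the minimum. */
struct limit_result store_limit_before_fix(long val)
{
	struct limit_result r = { 0, false };
	long rounded = div_round_closest_checked(val, LSB_UV, &r.overflowed);
	r.regval = clamp_val(rounded, 0, REG_MAX);
	return r;
}

/* Ordering after the fix: clamp the user value into the representable
 * range first, so the rounding arithmetic can never leave the long range. */
struct limit_result store_limit_after_fix(long val)
{
	struct limit_result r = { 0, false };
	long bounded = clamp_val(val, 0, REG_MAX * LSB_UV);
	r.regval = div_round_closest_checked(bounded, LSB_UV, &r.overflowed);
	return r;
}

static void show(const char *label, long val, struct limit_result r)
{
	printf("%-7s input=%ld -> regval=%ld overflowed=%s\n",
	       label, val, r.regval, r.overflowed ? "yes" : "no");
}

int main(void)
{
	/* Constructed inputs: an ordinary value, a small negative, and the
	 * most negative signed 64-bit value mentioned in the debrief. */
	long inputs[] = { 1000, -1, LONG_MIN };
	for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
		show("before", inputs[i], store_limit_before_fix(inputs[i]));
		show("after", inputs[i], store_limit_after_fix(inputs[i]));
	}
	return 0;
}
```

For ordinary inputs both orderings produce the same register value, which is why the reordering is a safe fix; only the out-of-range input separates them, and the clamp-first ordering keeps every intermediate value inside the long range so no wrap can occur.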
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to affected Siemens industrial networking products: update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family to V3.2 or later; for SCALANCE XC-300/XR-300/XC-400/XR-500WG
Evidence notes
The vulnerability description and affected products are derived from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, requiring low privileges and resulting in high availability impact.
Official resources
- CVE-2024-46759 CVE record (CVE.org)
- CVE-2024-46759 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12