PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-46771 Siemens CVE debrief

A vulnerability in the Linux kernel's Controller Area Network (CAN) Broadcast Manager (BCM) subsystem results in a use-after-free when a CAN network device is unregistered. BCM creates a proc filesystem entry for each socket it binds to a CAN interface, but that entry was not removed when the underlying device went away, so it was left pointing at socket state the kernel later frees. A local user can abuse this for denial of service (a kernel crash or other memory corruption). Siemens industrial networking products running SINEC OS are affected because SINEC OS incorporates the vulnerable kernel component. The issue is rated MEDIUM with a CVSS 3.1 base score of 5.5: local attack vector, low privileges required, no confidentiality or integrity impact, high availability impact.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial control environments. Because the attack vector is local, the flaw is a path to knocking a switch offline for an attacker who already has code execution on the device, not a remote entry point; weigh it accordingly against other findings on the same equipment. Administrators responsible for CAN bus implementations in critical infrastructure, manufacturing, and process control, and security teams monitoring OT/ICS environments for kernel-level availability bugs, should track the firmware update.

Technical summary

The vulnerability is in the Linux kernel's CAN Broadcast Manager (BCM), the protocol behind CAN_BCM sockets. BCM publishes a proc filesystem entry for each socket it binds to a CAN interface. When that interface is unregistered, the unregister handling dropped the socket's reference to the device but left the proc entry in place, so the entry kept a stale pointer to state that is freed later; a subsequent read of the entry then dereferences freed memory, which is the use-after-free. A local, low-privileged user can trigger it, and the rated consequence is availability only: a kernel crash or memory corruption leading to denial of service. The upstream fix removes the proc entry as part of device unregistration. Siemens products that ship the affected kernel receive the fix through firmware updates.
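The lifecycle bug described above is easier to see in a small model than in prose. The following is an added illustration written for this debrief, not kernel code and not Siemens code: the structures and functions (`bcm_sock`, `proc_entry`, `bcm_connect`, `bcm_release`, `bcm_notify_unregister`, `count_stale_proc_entries`) are invented for the model, and one assumption is made explicit in the comments, namely that close() only tears down the proc entry while the socket is still bound, which is one way an entry can survive once device unregistration has cleared that binding. The same handler runs in vulnerable and fixed mode so the single differing step stands out; in userspace the "freed" socket is represented by a flag rather than real freed memory, so the audit is safe to run.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_SOCKS 4

/* Per-socket BCM state; `alive` stands in for "the kernel has not yet freed this object". */
struct bcm_sock { int ifindex; bool bound, has_proc, alive; };

/* One file in the model's /proc/net/can-bcm/ directory; `owner` is a raw back-pointer. */
struct proc_entry { bool live; struct bcm_sock *owner; };

struct sim {
    int  dev_ifindex;           /* the single CAN interface in the model */
    bool dev_registered;
    struct bcm_sock   sk[MAX_SOCKS];
    struct proc_entry proc[MAX_SOCKS];
};

static void sim_init(struct sim *s, int ifindex)
{
    memset(s, 0, sizeof *s);
    s->dev_ifindex = ifindex;
    s->dev_registered = true;
}

/* connect() on a CAN_BCM socket: bind to the interface and publish its proc entry. */
static bool bcm_connect(struct sim *s, int sk, int ifindex)
{
    struct bcm_sock *bo = &s->sk[sk];
    if (bo->bound || !s->dev_registered || s->dev_ifindex != ifindex)
        return false;
    bo->ifindex = ifindex;
    bo->bound = bo->alive = bo->has_proc = true;
    s->proc[sk].live = true;
    s->proc[sk].owner = bo;
    return true;
}

static void proc_remove(struct sim *s, struct bcm_sock *bo)
{
    for (int i = 0; i < MAX_SOCKS; i++)
        if (s->proc[i].live && s->proc[i].owner == bo)
            s->proc[i].live = false;
    bo->has_proc = false;
}

/* close(): the proc entry is torn down only while the socket is still bound (model
 * assumption, see lead-in), then the socket is freed. */
static void bcm_release(struct sim *s, int sk)
{
    struct bcm_sock *bo = &s->sk[sk];
    if (bo->bound && bo->has_proc)
        proc_remove(s, bo);
    bo->bound = false;
    bo->alive = false;          /* memory gone; a live proc entry pointing here is stale */
}

/* NETDEV_UNREGISTER handler. With fixed == false it only drops the binding, which is the
 * vulnerable behaviour; with fixed == true it also removes the proc entry first. */
static void bcm_notify_unregister(struct sim *s, bool fixed)
{
    for (int i = 0; i < MAX_SOCKS; i++) {
        struct bcm_sock *bo = &s->sk[i];
        if (!(bo->alive && bo->bound && bo->ifindex == s->dev_ifindex))
            continue;
        if (fixed && bo->has_proc)
            proc_remove(s, bo);     /* the fix: no proc entry may outlive its binding */
        bo->bound = false;
        bo->ifindex = 0;
    }
    s->dev_registered = false;
}

/* Audit: live proc entries whose owner was already freed. In the kernel, reading such a
 * file dereferences freed memory; here the flag lets us count it safely. */
static int count_stale_proc_entries(const struct sim *s)
{
    int n = 0;
    for (int i = 0; i < MAX_SOCKS; i++)
        if (s->proc[i].live && !s->proc[i].owner->alive)
            n++;
    return n;
}

/* Scenario: bind one socket, optionally unregister its interface, then close the socket. */
static int run_scenario(bool unregister_dev, bool fixed)
{
    struct sim s;
    sim_init(&s, 3);
    bcm_connect(&s, 0, 3);
    if (unregister_dev)
        bcm_notify_unregister(&s, fixed);
    bcm_release(&s, 0);
    return count_stale_proc_entries(&s);
}

int main(void)
{
    printf("close only:              %d stale\n", run_scenario(false, false));
    printf("unregister, vulnerable:  %d stale\n", run_scenario(true, false));
    printf("unregister, fixed:       %d stale\n", run_scenario(true, true));
    return 0;
}
```

The pattern to take away is general: whenever an object is published in a secondary registry (procfs, sysfs, a debugfs file, a hash table) that holds a raw pointer back to it, every teardown path for the object, not just the common one, has to unpublish it first. The unregister path here is the uncommon one, and that is where the entry was left behind.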

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update paths
  • Implement network segmentation to limit access to industrial control system networks
  • Monitor for anomalous local access attempts to CAN-enabled devices
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies

Evidence notes

CISA published advisory ICSA-25-226-07 on 2025-08-12 and updated it on 2026-02-25 to reflect the updated Siemens ProductCERT advisory SSA-355557. The vulnerability description identifies a kernel-level issue in the CAN BCM subsystem in which proc entries are not cleaned up on device unregistration. Siemens has issued fixes for the affected RUGGEDCOM and SCALANCE product families.

Official resources

2025-08-12