PatchSiren cyber security CVE debrief
CVE-2024-46777 Siemens CVE debrief
CVE-2024-46777 is a medium-severity vulnerability in the UDF (Universal Disk Format) filesystem implementation affecting Siemens industrial networking products. The flaw involves improper input validation where the UDF driver fails to adequately check partition length values during filesystem mounting operations. Specifically, the vulnerability allows mounting of filesystems with partition lengths that would overflow 32-bit block number representations, or with partition lengths so large that safe indexing of bits in a block bitmap becomes impossible. This weakness, classified under CWE-20 (Improper Input Validation), could lead to denial of service conditions when processing malformed UDF filesystem images. The vulnerability was published on August 12, 2025, and subsequently modified on February 25, 2026, as part of CISA's republication of Siemens ProductCERT advisory SSA-355557. Siemens has released vendor fixes, with updates to version 3.2 or later recommended for affected RUGGEDCOM and SCALANCE product families.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE X-family industrial Ethernet switches in critical infrastructure environments, including utilities, transportation, and manufacturing sectors. Security teams responsible for OT/ICS asset management and patch deployment should prioritize this vulnerability due to its potential for localized denial of service. System integrators and maintenance providers supporting Siemens industrial networking deployments should review affected product configurations and coordinate firmware updates during planned maintenance windows.
Technical summary
The vulnerability exists in the UDF filesystem mounting logic, where validation of the partition length is insufficient. The UDF driver uses 32-bit values for block numbers and for bitmap indexing. When a UDF image carries an excessive partition length, the partition start plus length can overflow the 32-bit block number calculations, or bitmap indexing operations on the oversized partition can produce unsafe memory accesses. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low attack complexity, requiring low privileges but no user interaction, and resulting in high availability impact with no confidentiality or integrity effects. The temporal metrics rate exploit code maturity as unproven (E:U) and the remediation level as official fix (RL:O).
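The two bounds the summary describes, as an added example in C that is neither the Siemens firmware's nor the upstream UDF driver's code: the field names, the signed 32-bit bitmap index limit and the 512..4096 byte block-size range are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not vendor or upstream driver code. Block numbers are
 * 32-bit and the space bitmap (one bit per block) is addressed with 32-bit
 * arithmetic, so a partition map must be bounds-checked before mount uses it.
 * Assumed fields: root (first block), len (length in blocks), blocksize
 * (bytes per filesystem block). */

/* Returns true if a partition with the given root and length (both in blocks)
 * can be mounted without overflowing block numbers or bitmap indices. */
bool udf_partition_len_ok(uint32_t root, uint32_t len, uint32_t blocksize)
{
    /* Assumed sane UDF block sizes: 512..4096 bytes, power of two. */
    if (blocksize < 512u || blocksize > 4096u || (blocksize & (blocksize - 1u)))
        return false;

    /* 1. root + len must still be a valid 32-bit block number; evaluate in
     *    64 bits so the check itself cannot wrap. */
    if ((uint64_t)root + (uint64_t)len > UINT32_MAX)
        return false;

    /* 2. Bit offsets into the space bitmap are assumed to be computed as
     *    signed 32-bit ints, so the index of the last block (len - 1) must
     *    fit: at most INT32_MAX blocks per partition. */
    if (len > (uint32_t)INT32_MAX)
        return false;
    return true;
}

/* Safe bitmap lookup: map a partition-relative block to the bitmap block
 * (group) holding its bit and to the bit offset inside that block. Meant for
 * maps that udf_partition_len_ok() accepted; out-of-range blocks are rejected
 * instead of being turned into a bad index. */
bool udf_bitmap_locate(uint32_t len, uint32_t blocksize, uint32_t block,
                       uint32_t *group, uint32_t *bit)
{
    uint32_t bits_per_bitmap_block = blocksize * 8u; /* <= 32768, no wrap */
    if (block >= len || bits_per_bitmap_block == 0u)
        return false;
    *group = block / bits_per_bitmap_block;
    *bit = block % bits_per_bitmap_block;
    return true;
}

int main(void)
{
    /* Constructed partition maps: one benign, two that must be rejected. */
    printf("benign : %d\n", udf_partition_len_ok(256u, 1000000u, 2048u));
    printf("wrap   : %d\n", udf_partition_len_ok(0xFFFFFF00u, 0x200u, 2048u));
    printf("bitmap : %d\n", udf_partition_len_ok(0u, 0x80000000u, 2048u));
    return 0;
}
```

The second rejected map passes the 32-bit block-number check (start plus length is exactly 2^31) and is caught only by the bitmap bound, which is why both checks are needed.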
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to version 3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update availability
- Implement physical access controls to prevent unauthorized local access to device management interfaces
- Monitor for anomalous filesystem mounting attempts or unexpected UDF media connections
- Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
Evidence notes
CVE description and CVSS vector sourced from CISA CSAF advisory ICSA-25-226-07. Vendor and product attribution confirmed through CSAF product tree with high confidence. Remediation guidance extracted from CSAF remediations section. Timeline dates reflect CVE published/modified timestamps per source metadata.
Official resources
- CVE-2024-46777 CVE record (CVE.org)
- CVE-2024-46777 NVD detail (NVD)
- Source item URL: cisa_csaf
2025-08-12