PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-46781 Siemens CVE debrief

A use-after-free vulnerability in the nilfs2 filesystem affects Siemens industrial networking products running SINEC OS. The flaw occurs during mount-time recovery when inodes with recovered data are not properly freed if an error occurs before the log writer starts, potentially leading to memory corruption issues. CISA published this advisory on August 12, 2025, with subsequent updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. The vulnerability originates in the Linux kernel's nilfs2 filesystem implementation rather than Siemens proprietary code.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Operators of Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P industrial networking equipment; industrial control system security teams; critical infrastructure operators using affected Siemens devices

Technical summary

The nilfs2 filesystem contains a use-after-free vulnerability triggered during mount-time recovery. When the filesystem attempts to recover data from the log, inodes containing recovered data are allocated but not properly freed if an error condition occurs before the log writer thread starts. This failure to release allocated inodes can result in memory corruption. The vulnerability affects Siemens industrial networking products that incorporate the vulnerable nilfs2 implementation through their SINEC OS operating system.
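The cleanup gap described above, reduced to a user-space C model. This is an added example, not nilfs2 or Siemens code, and every name in it (`fs_m`, `recover_block`, `start_writer`, and so on) is hypothetical. It puts the error exit that leaves recovered inodes queued beside one that drains the queue on every exit.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified user-space model; every name is hypothetical, not a nilfs2 symbol. */
struct inode_m { struct inode_m *next; int ino; };
struct fs_m { struct inode_m *dirty; int live; };  /* live: inodes still allocated */
static int start_writer(int ok) { return ok ? 0 : -1; }  /* stand-in: log writer start */

/* Recovery step: allocate an inode for recovered data and queue it on the fs. */
static int recover_block(struct fs_m *fs, int ino) {
    struct inode_m *i = malloc(sizeof(*i));
    if (!i) return -1;
    i->ino = ino; i->next = fs->dirty;
    fs->dirty = i; fs->live++;
    return 0;
}

/* Release every inode that recovery queued. */
static void dispose_recovered(struct fs_m *fs) {
    while (fs->dirty) {
        struct inode_m *i = fs->dirty;
        fs->dirty = i->next;
        free(i); fs->live--;
    }
}

/* Flawed shape: an error before the writer starts leaves the queue populated. */
static int mount_recover_flawed(struct fs_m *fs, int n, int writer_ok) {
    for (int k = 0; k < n; k++)
        if (recover_block(fs, k) < 0) return -1;
    if (start_writer(writer_ok) < 0) return -1;  /* recovered inodes never released */
    dispose_recovered(fs);  /* models the writer flushing and releasing them */
    return 0;
}

/* Corrected shape: the queue is drained on every exit, success or failure. */
static int mount_recover_fixed(struct fs_m *fs, int n, int writer_ok) {
    int err = 0;
    for (int k = 0; k < n && !err; k++) err = recover_block(fs, k);
    if (!err) err = start_writer(writer_ok);
    dispose_recovered(fs);
    return err;
}

int main(void) {
    struct fs_m a = {0}, b = {0};
    int ra = mount_recover_flawed(&a, 3, 0), rb = mount_recover_fixed(&b, 3, 0);
    printf("flawed rc=%d stale=%d; fixed rc=%d stale=%d\n", ra, a.live, rb, b.live);
    dispose_recovered(&a);  /* tidy up the demo's deliberately stranded inodes */
    return 0;
}
```

The model only exposes the stale state an early failure leaves behind; in a real filesystem that state becomes dangerous when later teardown touches the stranded objects.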

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance
  • Apply vendor-provided firmware updates for affected SCALANCE and RUGGEDCOM devices when available
  • Implement network segmentation for industrial control systems per CISA recommended practices
  • Monitor for anomalous system behavior during filesystem mount operations on affected devices

Evidence notes

Source: CISA CSAF advisory ICSA-25-226-07, republished February 25, 2026 based on Siemens ProductCERT SSA-355557. The advisory's threat assessment categorizes impact as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003.
