PatchSiren cyber security CVE debrief
CVE-2024-46791 Siemens CVE debrief
A deadlock vulnerability exists in the Linux kernel's MCP251x CAN controller driver. The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler, creating a race condition where an interrupt occurring during mcp251x_open can cause a deadlock. This affects Siemens industrial networking products running SINEC OS that incorporate the vulnerable kernel component. The vulnerability requires local access with low privileges and no user interaction, resulting in high availability impact through denial of service. Siemens has released firmware updates to address this issue in affected RUGGEDCOM and SCALANCE product families.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial networking devices in critical infrastructure environments, particularly those relying on CAN bus communications for industrial control systems.
Technical summary
The vulnerability resides in the mcp251x CAN controller driver within the Linux kernel. During device initialization (mcp251x_open), the mcp251x_hw_wake() function runs with the mpc_lock mutex held and disables the interrupt handler so that no interrupt is processed while the device wakes. If an interrupt occurs in this window, before interrupts are fully disabled, the system can deadlock: the interrupt handler tries to acquire mpc_lock while the open path holds it, and the open path waits for interrupt processing to complete, so neither side can make progress. This circular wait results in system unavailability. The CVSS 3.1 score of 5.5 (MEDIUM) reflects the local attack vector and high availability impact with no confidentiality or integrity effects.
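The deadlock described above, modelled in user space with POSIX threads as an added example (not kernel, Siemens or PatchSiren code). The names lock, irq_thread, wait_for_handler and open_path are hypothetical, and the second mode, which masks the interrupt without waiting for its handler, is an assumption shown only as a contrast to the buggy ordering.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <time.h>
/* User-space model only: "lock" stands in for the driver mutex named in the text. */
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static atomic_int handler_done;

/* Threaded interrupt handler: all of its work happens under the mutex. */
static void *irq_thread(void *arg)
{
    (void)arg;
    pthread_mutex_lock(&lock);
    atomic_store(&handler_done, 1);
    pthread_mutex_unlock(&lock);
    return NULL;
}

/* Hypothetical stand-in for "disable the IRQ and wait for its handler"; bounded so the hang is reported. */
static int wait_for_handler(int timeout_ms)
{
    struct timespec tick = { 0, 1000000 }; /* 1 ms */
    for (int i = 0; i < timeout_ms && !atomic_load(&handler_done); i++)
        nanosleep(&tick, NULL);
    return atomic_load(&handler_done) ? 0 : -1;
}

/* wait_under_lock=1 models the bug, 0 masks without waiting. Returns 1 if stuck, 0 if not, -1 on error. */
int open_path(int wait_under_lock)
{
    pthread_t t;
    int stuck = 0;
    atomic_store(&handler_done, 0);
    pthread_mutex_lock(&lock);
    int started = pthread_create(&t, NULL, irq_thread, NULL) == 0; /* IRQ fires during open */
    if (started && wait_under_lock && wait_for_handler(200) != 0)
        stuck = 1;                 /* handler is blocked on the mutex we hold */
    pthread_mutex_unlock(&lock);   /* model-only escape; the real path stays blocked */
    if (started)
        pthread_join(t, NULL);
    return started ? stuck : -1;
}

int main(void)
{
    int sync = open_path(1), nosync = open_path(0);
    printf("wait under lock: stuck=%d, mask without waiting: stuck=%d\n", sync, nosync);
    return 0;
}
```

The bounded wait exists only so the model can report the condition; a wait with no timeout, taken while holding the mutex, would never return.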
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and available updates
- Implement network segmentation for industrial control systems to limit local access to affected devices
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor Siemens ProductCERT portal for additional updates to affected product configurations
Evidence notes
CVE published 2025-08-12 per official CVE record. CISA ICS advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 provides vendor fix details. CVSS 3.1 vector confirms local attack vector with low attack complexity and high availability impact.
Official resources
- CVE-2024-46791 CVE record (CVE.org)
- CVE-2024-46791 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12