CVE-2024-46798 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE X-family industrial Ethernet switches in critical infrastructure environments, including utilities, manufacturing, transportation, and energy sectors. System administrators responsible for maintaining SINEC OS-based industrial networks should prioritize firmware updates. Security teams monitoring OT/ICS environments for kernel-level vulnerabilities affecting availability of network infrastructure components. Organizations with deployed KASAN-enabled systems for security testing may have already detected this condition. Teams responsible for change management and maintenance windows should coordinate updates to minimize operational disruption to industrial processes.

Technical summary

The vulnerability exists in the ALSA System on Chip (ASoC) Dynamic Audio Power Management (DAPM) code path. During system suspension, the snd_pcm_suspend_all() function may access a snd_soc_pcm_runtime object that has already been freed, resulting in a use-after-free condition. This memory safety bug was identified through Kernel Address Sanitizer (KASAN) testing configurations. The flaw is triggered during power state transitions, specifically when the system enters suspension while audio components are active. The affected code path is part of the Linux kernel's sound subsystem and impacts Siemens industrial networking products that incorporate this kernel component through SINEC OS. The vulnerability requires local access to exploit and results in denial of service (system crash or instability) rather than code execution or information disclosure.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
• For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update instructions
• Implement network segmentation for industrial control systems to limit exposure of affected devices
• Monitor for anomalous system behavior or unexpected reboots during planned maintenance windows
• Follow CISA ICS recommended practices for defense-in-depth strategies
• Review and apply Siemens security advisories for SINEC OS third-party component updates
• resourceLinkAnnotations: [ref-4, ref-5, ref-6, ref-8]

Evidence notes

CVE published 2025-08-12; modified 2026-02-25. CISA advisory ICSA-25-226-07 republished 2026-02-25 based on Siemens ProductCERT SSA-355557 advisory. Advisory revision history shows multiple updates including correction of affected products list (2026-02-12) and clarification of SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family affected configuration (2026-02-24).

Official resources