PatchSiren

CVE-2024-46800 Siemens CVE debrief

A use-after-free vulnerability exists in the Linux kernel's netem (network emulator) scheduler. The flaw occurs in netem_dequeue() when a packet is enqueued to an inner queueing discipline (qdisc) that returns __NET_XMIT_STOLEN, potentially leading to memory corruption. This vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE switch families. The vulnerability requires local access with low privileges to exploit, and successful exploitation results in high availability impact (denial of service) with no confidentiality or integrity impact. Siemens has released firmware updates to address this issue.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial control environments. System administrators responsible for network infrastructure in manufacturing, energy, transportation, and critical infrastructure sectors using affected Siemens networking equipment.

Technical summary

The vulnerability exists in the sch/netem component of the Linux kernel. When netem_dequeue() enqueues a packet to an inner qdisc and that qdisc returns __NET_XMIT_STOLEN, a use-after-free condition can occur. This memory safety flaw could allow a local attacker with low privileges to trigger a denial of service condition. The CVSS 3.1 score of 5.5 (MEDIUM) reflects the local attack vector and high availability impact with no confidentiality or integrity effects. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
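
An added example, not from the advisory or the kernel source: a user-space C model of the queue-length accounting behind this bug, in which a "stolen" result is not counted as a drop, so the pre-fix path never tells ancestor qdiscs that the packet is gone. The struct, the function names and the shortened constant names are hypothetical, and the pre-fix and post-fix shapes are an assumption based on the upstream netem fix rather than on text from this page.

```c
#include <stdio.h>

#define XMIT_SUCCESS 0x00
#define XMIT_DROP    0x01
#define XMIT_STOLEN  0x00010000   /* models __NET_XMIT_STOLEN */
/* Models net_xmit_drop_count(): a stolen packet is not counted as a drop. */
#define xmit_drop_count(e) (((e) & XMIT_STOLEN) ? 0 : 1)

struct model_qdisc {      /* hypothetical stand-in, not struct Qdisc */
    int live;             /* packets netem or its child really still hold */
    int parent_qlen;      /* what ancestor qdiscs believe is queued */
    int drops;            /* drop statistic */
};

/* Pre-fix shape (assumed): backlog reduction is tied to the drop count. */
static void dequeue_prefix(struct model_qdisc *q, int err)
{
    if (err == XMIT_SUCCESS) return;  /* packet now lives in the child */
    q->live--;                        /* packet is gone either way */
    if (xmit_drop_count(err)) {
        q->drops++;
        q->parent_qlen--;             /* models qdisc_tree_reduce_backlog() */
    }
}

/* Post-fix shape (assumed): only the statistic depends on the drop count. */
static void dequeue_fixed(struct model_qdisc *q, int err)
{
    if (err == XMIT_SUCCESS) return;
    q->live--;
    if (xmit_drop_count(err))
        q->drops++;
    q->parent_qlen--;                 /* ancestors are always told */
}

/* Runs n dequeues with child result err; returns parent_qlen - live.
 * A nonzero result is a stale count: ancestors track packets that no longer exist. */
int stale_count(int n, int err, int fixed)
{
    struct model_qdisc q = { n, n, 0 };
    for (int i = 0; i < n; i++)
        (fixed ? dequeue_fixed : dequeue_prefix)(&q, err);
    return q.parent_qlen - q.live;
}

int main(void)
{
    printf("stolen, pre-fix stale=%d\n", stale_count(3, XMIT_STOLEN, 0));
    printf("stolen, post-fix stale=%d\n", stale_count(3, XMIT_STOLEN, 1));
    return 0;
}
```
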

Defensive priority

Medium

Recommended defensive actions

  • Apply vendor firmware updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to version 3.2 or later.
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and available updates.
  • Implement network segmentation to limit local access to affected industrial control devices.
  • Monitor for anomalous network behavior or unexpected device reboots that may indicate exploitation attempts.
  • Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control environments.

Evidence notes

Vulnerability disclosed via CISA ICS advisory ICSA-25-226-07 based on Siemens ProductCERT advisory SSA-355557. The flaw originates in the Linux kernel's sch/netem component. CVSS 3.1 vector confirms local attack vector with low attack complexity and low privileges required.
