PatchSiren cyber security CVE debrief
CVE-2024-46815 Siemens CVE debrief
CVE-2024-46815 is a vulnerability in the Linux kernel's AMD display driver (drm/amd/display): the code does not validate `num_valid_sets` before using it to index the `reader_wm_sets[]` array, so an oversized count leads to an out-of-bounds memory access. The record was published on 2025-08-12 and last modified on 2026-02-25. Siemens lists the CVE as affecting industrial networking products that incorporate third-party components, specifically the RUGGEDCOM RST2428P and the SCALANCE product families running SINEC OS. The CISA advisory, however, marks the impact as 'Misinformed', which indicates that how this vulnerability applies to the listed Siemens products is subject to clarification or correction. Because the flaw lives in upstream Linux kernel GPU code rather than in Siemens-developed code, this is a supply-chain (third-party component) issue. Organizations should verify whether their deployed Siemens devices actually carry the affected AMD display driver components and apply vendor-provided updates when available.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH series devices running SINEC OS. OT security teams managing third-party component risk in industrial control systems. Asset owners requiring clarity on whether Linux kernel GPU driver vulnerabilities affect headless/industrial networking devices.
Technical summary
The vulnerability is in the Linux kernel's DRM AMD display driver: `num_valid_sets` is used to index `reader_wm_sets[]` without first being validated against the array's size. This is a classic missing bounds check (the record classifies it as CWE-20: Improper Input Validation) whose consequence is an out-of-bounds array access. The code path belongs to the display watermark handling, which feeds memory-bandwidth and clock-range data for AMD GPU display pipelines. The flaw is in open-source kernel code, but Siemens products running SINEC OS on an affected kernel version are exposed only if the AMD display driver is present in the image and actually exercised, which on a headless network device is the central question. The 'Misinformed' impact classification in the CISA advisory indicates that the applicability or severity assessment for the Siemens products may differ from a plain reading of the CVE, so direct vendor confirmation is warranted.
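The pattern behind the CVE, shown as an added example rather than the kernel's own code: a fixed-size array of watermark sets whose running count doubles as the write index, first without a capacity check and then with one. Only the names `reader_wm_sets` and `num_valid_sets` come from the CVE record; the capacity of 4, the field layout, the `clock_range` input type and the function names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative reconstruction for this debrief, not the kernel's own code.
 * reader_wm_sets[] and num_valid_sets are the names from the CVE record;
 * the capacity of 4 and every other field are assumptions for the example. */
#define WM_SET_CAPACITY 4

struct wm_set {
    uint32_t min_mem_clk_khz;
    uint32_t max_mem_clk_khz;
    uint32_t min_dcfclk_khz;
    uint32_t max_dcfclk_khz;
};

struct wm_sets_with_clock_ranges {
    uint32_t num_valid_sets;                    /* doubles as the write index */
    struct wm_set reader_wm_sets[WM_SET_CAPACITY];
};

/* Caller-supplied clock range table; its length comes from outside (firmware
 * tables in a real driver) and is not guaranteed to fit the array. */
struct clock_range {
    uint32_t min_mem_clk_khz, max_mem_clk_khz;
    uint32_t min_dcfclk_khz, max_dcfclk_khz;
};

static void copy_range(struct wm_set *dst, const struct clock_range *src)
{
    dst->min_mem_clk_khz = src->min_mem_clk_khz;
    dst->max_mem_clk_khz = src->max_mem_clk_khz;
    dst->min_dcfclk_khz  = src->min_dcfclk_khz;
    dst->max_dcfclk_khz  = src->max_dcfclk_khz;
}

/* BEFORE: the running count is used as the index with no comparison against
 * the array's capacity. A table longer than WM_SET_CAPACITY writes past
 * reader_wm_sets[] (undefined behaviour; never call this with n > 4). */
void fill_wm_sets_unchecked(struct wm_sets_with_clock_ranges *out,
                            const struct clock_range *ranges, size_t n)
{
    out->num_valid_sets = 0;
    for (size_t i = 0; i < n; i++)
        copy_range(&out->reader_wm_sets[out->num_valid_sets++], &ranges[i]);
}

/* AFTER: reject oversized input before touching the array. Returns the
 * number of sets stored, or -1 when the table does not fit. */
int fill_wm_sets_checked(struct wm_sets_with_clock_ranges *out,
                         const struct clock_range *ranges, size_t n)
{
    if (n > WM_SET_CAPACITY)
        return -1;
    out->num_valid_sets = 0;
    for (size_t i = 0; i < n; i++)
        copy_range(&out->reader_wm_sets[out->num_valid_sets++], &ranges[i]);
    return (int)out->num_valid_sets;
}

/* Read side: a consumer bounds its index by both the count and the
 * capacity, because num_valid_sets itself may have been corrupted. */
const struct wm_set *get_wm_set(const struct wm_sets_with_clock_ranges *s,
                                uint32_t idx)
{
    if (idx >= s->num_valid_sets || idx >= WM_SET_CAPACITY)
        return NULL;
    return &s->reader_wm_sets[idx];
}

int main(void)
{
    /* Constructed input: six ranges, two more than the array holds. */
    struct clock_range ranges[6];
    for (uint32_t i = 0; i < 6; i++) {
        ranges[i].min_mem_clk_khz = 100000u * (i + 1);
        ranges[i].max_mem_clk_khz = 100000u * (i + 2);
        ranges[i].min_dcfclk_khz  = 300000u + 50000u * i;
        ranges[i].max_dcfclk_khz  = 350000u + 50000u * i;
    }

    struct wm_sets_with_clock_ranges sets;
    memset(&sets, 0, sizeof sets);

    int rc = fill_wm_sets_checked(&sets, ranges, 6);
    printf("6 ranges into %d slots: rc=%d (rejected)\n", WM_SET_CAPACITY, rc);

    rc = fill_wm_sets_checked(&sets, ranges, 3);
    printf("3 ranges: rc=%d, num_valid_sets=%u\n", rc, sets.num_valid_sets);
    printf("get_wm_set(2) -> %s, get_wm_set(3) -> %s\n",
           get_wm_set(&sets, 2) ? "ok" : "NULL",
           get_wm_set(&sets, 3) ? "ok" : "NULL");
    return 0;
}
```

The check is placed before the loop rather than inside it so the structure is never left half-filled with a count that overstates its contents; the read-side guard is there because once the count is trusted as an index, an out-of-bounds write through one path becomes an out-of-bounds read through every other.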
Defensive priority
medium
Recommended defensive actions
- Verify whether deployed Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices incorporate the affected AMD display driver components
- Monitor Siemens ProductCERT advisory SSA-355557 for definitive affected product status and patch availability
- Apply vendor-provided firmware updates for SINEC OS when available
- Review CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
- Validate that third-party component inventories record the Linux kernel version of each SINEC OS release and whether the AMD display driver (amdgpu with its display core, CONFIG_DRM_AMDGPU / CONFIG_DRM_AMD_DC) is built into the image, since a headless device can ship the code without any GPU to exercise it
Evidence notes
The vulnerability description indicates a missing bounds check in drm/amd/display before accessing reader_wm_sets[]. The CISA CSAF source (ICSA-25-226-07) lists this CVE under 'Siemens Third-Party Components in SINEC OS' with impact marked as 'Misinformed' per the threats section. The revision history shows multiple updates through 2026-02-25, including removal of rejected CVEs and clarification of affected product configurations. Siemens ProductCERT advisory SSA-355557 is the authoritative source for affected product determination.
Official resources
- CVE-2024-46815 CVE record (CVE.org)
- CVE-2024-46815 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12