PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-46844 Siemens CVE debrief

A vulnerability in the Linux kernel's User-Mode Linux (UML) subsystem could allow local attackers to cause denial-of-service conditions. The flaw exists in the `setup_one_line()` function where an uninitialized pointer (`*error_out`) may be printed in certain error paths, potentially leading to information disclosure or system instability. Siemens has identified this vulnerability as affecting multiple industrial networking products running SINEC OS, including RUGGEDCOM RST2428P and SCALANCE switch families. The vulnerability carries a CVSS 3.1 score of 5.5 (MEDIUM) with a local attack vector requiring low privileges but no user interaction.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Industrial network administrators, OT security teams, and organizations deploying Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family switches should prioritize firmware updates. Organizations with strict availability requirements for industrial control networks should assess exposure to local attack vectors and implement compensating controls where immediate patching is not feasible.

Technical summary

The vulnerability resides in the Linux kernel's User-Mode Linux (UML) line driver implementation. The `setup_one_line()` function does not set the `*error_out` pointer on every code path, yet callers may print this pointer in error handling scenarios. This can result in use of uninitialized memory, potentially causing kernel crashes or information disclosure. The issue affects Siemens industrial networking products that incorporate vulnerable Linux kernel versions in their SINEC OS firmware. Successful exploitation requires local access with low privileges, making this primarily a concern for multi-user or compromised-device scenarios in industrial environments.
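The pattern described above, as an added example constructed for this debrief (not the kernel's or Siemens' code): a hypothetical setup routine that skips `*error_out` on some failing paths, its corrected form, and a sentinel-based regression check that flags any failing path that leaves the out-pointer untouched. All function, struct and message names here are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in, not the kernel's setup_one_line(); all names are hypothetical. */
struct demo_line { int open_count; int valid; };
typedef int (*setup_fn)(struct demo_line *, const char *, const char **);

/* Before: two failing paths return without storing a message in *error_out. */
int setup_before(struct demo_line *l, const char *init, const char **error_out) {
    if (l->open_count) { *error_out = "Device is already open"; return -EBUSY; }
    if (strcmp(init, "none") == 0) {
        if (!l->valid) return -EINVAL;   /* *error_out untouched */
        l->valid = 0;
        return 0;
    }
    if (init[0] == '\0') return -EINVAL; /* *error_out untouched */
    l->valid = 1;
    return 0;
}

/* After: every failing return stores a message first. */
int setup_after(struct demo_line *l, const char *init, const char **error_out) {
    if (l->open_count) { *error_out = "Device is already open"; return -EBUSY; }
    if (strcmp(init, "none") == 0) {
        if (!l->valid) { *error_out = "configured as 'none'"; return -EINVAL; }
        l->valid = 0;
        return 0;
    }
    if (init[0] == '\0') { *error_out = "empty configuration"; return -EINVAL; }
    l->valid = 1;
    return 0;
}

static const char UNSET[] = "<unset>";
/* Regression check: 1 if a failing call left *error_out untouched. The sentinel
 * is pre-loaded so the check itself never reads an indeterminate pointer. */
int leaves_error_unset(setup_fn fn, int open_count, int valid, const char *init) {
    struct demo_line l = { open_count, valid };
    const char *err = UNSET;
    return fn(&l, init, &err) < 0 && err == UNSET;
}

int main(void) {
    printf("before: %d, after: %d\n", leaves_error_unset(setup_before, 0, 0, "none"),
           leaves_error_unset(setup_after, 0, 0, "none"));
    return 0;
}
```

Running the same check over every input that drives a distinct error path turns "the out-pointer is always filled" into a testable property instead of a convention callers have to trust.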

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
  • Implement network segmentation for industrial control systems to limit local attack vector exposure
  • Monitor for anomalous system behavior or unexpected reboots on affected devices
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies
  • Validate that only authorized personnel have local administrative access to affected devices

Evidence notes

The vulnerability description indicates an uninitialized pointer issue in the UML line driver where `*error_out` is not consistently initialized by callers but may still be printed. This represents a CWE-20 (Improper Input Validation) class issue. Siemens ProductCERT advisory SSA-355557 (referenced in CISA ICSA-25-226-07) provides affected product identification and remediation guidance. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates high availability impact from local exploitation.
