PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-47143 Siemens CVE debrief

A medium-severity deadlock vulnerability exists in the Linux kernel's DMA debug subsystem, affecting Siemens industrial networking products running SINEC OS. The flaw involves improper lock ordering between radix_lock() and dma_hash_entry[idx].lock, which can trigger a deadlock when the DMA debug API is invoked while holding rq_lock(). This local attack vector requires low privileges and no user interaction, with successful exploitation resulting in high availability impact (system hang or crash). The vulnerability was disclosed in CISA advisory ICSA-25-226-07 on 2025-08-12, with subsequent revisions through 2026-02-25 clarifying affected product configurations. Siemens has released firmware updates to address this issue.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

  • Organizations operating Siemens industrial networking equipment in critical infrastructure environments, including utilities, manufacturing, and transportation sectors
  • System administrators responsible for RUGGEDCOM and SCALANCE device maintenance
  • Security teams monitoring ICS/OT environments for kernel-level vulnerabilities that could cause denial-of-service conditions
  • Compliance officers tracking CISA ICS advisories for regulatory and risk management purposes

Technical summary

The vulnerability resides in the Linux kernel's dma-debug subsystem, where radix_lock() is incorrectly held while dma_hash_entry[idx].lock is acquired. This lock ordering violation creates a potential deadlock when the DMA debug API is called with rq_lock() held. The CVSS 3.1 score of 5.5 (MEDIUM) reflects a local attack vector, low attack complexity, low privileges required, no user interaction, and high availability impact with no confidentiality or integrity effects. Affected Siemens products include RUGGEDCOM RST2428P (6GK6242-6PA00), the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family running vulnerable SINEC OS versions. Remediation involves firmware updates to V3.2 or later, with specific configuration-dependent guidance for the SCALANCE XC/XR family.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor firmware updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family to V3.2 or later per Siemens guidance
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update paths
  • Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
  • Monitor for system hangs or unresponsiveness that may indicate deadlock conditions in DMA debug operations
  • Restrict local access to affected systems to authorized personnel only, because the attack vector is local

Evidence notes

CVE published 2025-08-12; CISA advisory ICSA-25-226-07 issued the same date. Advisory revised 2026-02-12 (corrected affected products), 2026-02-24 (clarified SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configuration, removed rejected CVEs), and 2026-02-25 (CISA republication based on Siemens SSA-355557). CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. Root cause: dma-debug radix_lock held while dma_hash_entry[idx].lock held, creating deadlock with rq_lock().
