PatchSiren cyber security CVE debrief
CVE-2024-47663 Siemens CVE debrief
CVE-2024-47663 is a division-by-zero vulnerability in the Linux kernel's AD9834 Direct Digital Synthesis (DDS) driver, in the `ad9834_write_frequency()` function of the staging IIO frequency subsystem. The flaw occurs when `clk_get_rate()` returns zero: the value is not handled before `ad9834_calc_freqreg()` is called, which then divides by zero. The existing check `if (fout > (clk_freq / 2))` does not protect against this condition when `fout` is zero, because `clk_freq / 2` is then also zero and the comparison is false. `fout` reaches the function from user-supplied text buffers via `ad9834_write()`, so arbitrary values can be passed in and trigger the vulnerability. The attack vector is local: an authenticated user with low privileges can cause system instability, with impact on integrity and availability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family industrial Ethernet switches. System administrators responsible for industrial control system security, OT security teams, and network engineers managing critical infrastructure networks should prioritize patching. Organizations with local user access to these devices face elevated risk of service disruption.
Technical summary
The vulnerability exists in `ad9834_write_frequency()` where `clk_get_rate()` may return zero, causing division by zero in `ad9834_calc_freqreg()`. The frequency value `fout` is sourced from user-controlled text buffers through `ad9834_write()`, with insufficient validation before mathematical operations. The existing bounds check `if (fout > (clk_freq / 2))` does not prevent the zero-division condition when `clk_freq` is zero. This affects Siemens industrial networking products running vulnerable Linux kernel versions with the AD9834 driver enabled.
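The gap in the bounds check, shown as an added userspace model (not the kernel source and not code from the advisory). The names `write_frequency_before`, `write_frequency_after` and `MODEL_DIV_BY_ZERO` are hypothetical, the inputs are constructed, and the hardened check is one way to close the gap rather than a quote of the shipped fix.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define FREQ_BITS 28            /* AD9834 frequency registers are 28 bits wide */
#define MODEL_DIV_BY_ZERO 1     /* model-only status: the divide would have trapped */

/* Model of the register calculation: fout * 2^28 / mclk. mclk must be non-zero. */
static uint32_t calc_freqreg(unsigned long mclk, unsigned long fout)
{
    return (uint32_t)(((uint64_t)fout << FREQ_BITS) / mclk);
}

/* Before: only the bounds check quoted on the page guards the divide. */
static int write_frequency_before(unsigned long clk_freq, unsigned long fout,
                                  uint32_t *reg)
{
    if (fout > (clk_freq / 2))      /* 0 > 0 is false, so fout == 0 passes */
        return -EINVAL;
    if (clk_freq == 0)              /* model only: report instead of faulting */
        return MODEL_DIV_BY_ZERO;
    *reg = calc_freqreg(clk_freq, fout);
    return 0;
}

/* After: reject a zero clock rate before any arithmetic depends on it. */
static int write_frequency_after(unsigned long clk_freq, unsigned long fout,
                                 uint32_t *reg)
{
    if (!clk_freq || fout > (clk_freq / 2))
        return -EINVAL;
    *reg = calc_freqreg(clk_freq, fout);
    return 0;
}

int main(void)
{
    /* Constructed inputs: {clock rate in Hz, requested fout in Hz}. */
    unsigned long cases[][2] = { {0, 0}, {0, 1}, {50000000, 12500000} };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint32_t a = 0, b = 0;
        int before = write_frequency_before(cases[i][0], cases[i][1], &a);
        int after = write_frequency_after(cases[i][0], cases[i][1], &b);
        printf("clk=%lu fout=%lu before=%d after=%d reg=0x%x\n",
               cases[i][0], cases[i][1], before, after, (unsigned)b);
    }
    return 0;
}
```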
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected Siemens RUGGEDCOM and SCALANCE products
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult vendor documentation for specific configuration guidance
- Implement network segmentation to limit access to industrial control system devices
- Follow CISA recommended practices for industrial control systems defense in depth
- Monitor for anomalous local access attempts to affected devices
- Review and restrict local user privileges on affected systems where possible
Evidence notes
The vulnerability description indicates this is a kernel driver issue in the staging IIO frequency subsystem for the AD9834 DDS chip. The flaw stems from insufficient input validation when processing frequency values from user space. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) confirms local attack vector with low attack complexity, requiring low privileges but no user interaction, with high impact to integrity and availability but no confidentiality impact.
Official resources
- CVE-2024-47663 CVE record (CVE.org)
- CVE-2024-47663 NVD detail (NVD)
- Source item URL (cisa_csaf)