PatchSiren cyber security CVE debrief
CVE-2024-47679 Siemens CVE debrief
A race condition exists in the Linux kernel's Virtual File System (VFS) layer between `evict_inodes()` and concurrent `find_inode()`/`iput()` operations on the same inode. The flaw reaches Siemens industrial networking products through SINEC OS, which ships the affected Linux kernel. The Siemens advisory was published on August 12, 2025, and revised through February 25, 2026, to refine the affected-product list and incorporate corrections from Siemens ProductCERT.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial control system environments; system administrators responsible for the availability of critical-infrastructure networking equipment; and security teams tracking kernel-level vulnerabilities in embedded industrial systems.
Technical summary
The vulnerability is a race condition in the Linux kernel's VFS inode handling between `evict_inodes()` and concurrent `find_inode()`/`iput()` operations: the eviction path can act on an inode that a concurrent lookup has just taken a reference to. The consequence is a kernel crash or hang, i.e. a denial of service on the device. Per the CVSS vector the attack is local, with low attack complexity, low privileges required and no user interaction; there is no confidentiality or integrity impact, only a high availability impact. Siemens has addressed this in its SINEC OS-based products by firmware updates to V3.2 or later. The advisory scope was refined over several revisions to reflect the affected product configurations accurately.
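The following is an added illustration of the bug class described above, a check-then-act race between an eviction path and a lookup/release path on a reference-counted object. It is not Linux kernel code and does not reproduce the exact sequence in CVE-2024-47679; every name in it (`obj_t`, `lookup_*`, `put_ref`, `evict_*`) is invented for the model. The program is single-threaded and drives the interleaving step by step, so the outcome is deterministic rather than depending on scheduler timing. The racy variant decides to free from the reference count alone; the fixed variant makes the check and the "being torn down" marking one indivisible step (a spinlock-protected critical section in a real kernel) and has lookups honour that mark.

```c
/*
 * Model of a check-then-act race between an evictor and a lookup/put path.
 * Added illustration for this debrief: NOT Linux kernel code, and not the
 * exact sequence of CVE-2024-47679. All names here are invented.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int refcount;          /* references held by lookups (cf. i_count) */
    bool freeing;          /* "being torn down" mark (cf. an I_FREEING-style flag) */
    bool freed;            /* set when the object's memory is released */
    bool use_after_free;   /* set if any path touches a freed object */
} obj_t;

static void obj_init(obj_t *o) { memset(o, 0, sizeof *o); }

/* ---- racy variant: the evictor decides from refcount alone ---- */

/* Step 1: evictor sees refcount == 0 and decides to free; nothing is marked. */
static bool evict_check_racy(const obj_t *o) { return o->refcount == 0; }

/* A lookup in between: nothing says the object is doomed, so it hands out
 * a reference to an object the evictor has already decided to free. */
static bool lookup_racy(obj_t *o) {
    if (o->freed) { o->use_after_free = true; return false; }
    o->refcount++;
    return true;
}

/* Step 2 (shared by both variants): evictor acts on its earlier decision. */
static void evict_dispose(obj_t *o) {
    if (o->freed) { o->use_after_free = true; return; }
    o->freed = true;
}

/* Release from the lookup path: the final put tears the object down. */
static void put_ref(obj_t *o) {
    if (o->freed) { o->use_after_free = true; return; }
    if (--o->refcount == 0) o->freed = true;
}

/* ---- fixed variant: check and mark are one indivisible step ---- */

/* In a kernel this body would run under the object's lock; in the
 * single-threaded model the function body is the critical section. */
static bool evict_check_fixed(obj_t *o) {
    if (o->refcount != 0) return false;
    o->freeing = true;     /* from now on lookups must refuse (or wait) */
    return true;
}

/* Lookup honours the mark. The model simply fails the lookup; a kernel
 * would typically wait for teardown to finish and retry the lookup. */
static bool lookup_fixed(obj_t *o) {
    if (o->freed) { o->use_after_free = true; return false; }
    if (o->freeing) return false;
    o->refcount++;
    return true;
}

/* Drive one interleaving through each variant: evictor checks, a lookup
 * races in, evictor disposes, the lookup drops its reference. Returns 1 if
 * the model observed a use-after-free, 0 otherwise. */
int run_racy_interleaving(void) {
    obj_t o; obj_init(&o);
    if (evict_check_racy(&o) && lookup_racy(&o)) {
        evict_dispose(&o);   /* frees while refcount == 1 */
        put_ref(&o);         /* touches freed memory */
    }
    return o.use_after_free ? 1 : 0;
}

int run_fixed_interleaving(void) {
    obj_t o; obj_init(&o);
    if (evict_check_fixed(&o)) {
        bool got_ref = lookup_fixed(&o);   /* refused: object is freeing */
        evict_dispose(&o);
        if (got_ref) put_ref(&o);          /* not reached in this model */
    }
    return o.use_after_free ? 1 : 0;
}

int main(void) {
    printf("racy interleaving:  use-after-free observed = %d\n", run_racy_interleaving());
    printf("fixed interleaving: use-after-free observed = %d\n", run_fixed_interleaving());
    return 0;
}
```

The point of the model is the window between reading the reference count and acting on it: any lookup that lands in that window invalidates the decision. Closing the window means taking the decision and publishing it (the `freeing` mark) atomically, and having every other path that can find the object respect the mark.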
Defensive priority
medium
Recommended defensive actions
- Apply the vendor firmware update to V3.2 or later on RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for configuration-specific guidance
- Restrict local access to the affected devices: the attack vector is local, so limiting who can obtain a shell or local account on the device removes the precondition for exploitation; use network segmentation to limit reachability of management interfaces
- Monitor for unexpected reboots, kernel panics, or hangs on the affected devices, which are the expected symptoms of a triggered race
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Review and apply Siemens security advisories as they are published for the affected product lines
Evidence notes
The vulnerability description indicates a race condition in VFS inode handling. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms a local attack vector with low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, and high availability impact, which yields the base score of 5.5. The source advisory exists in four versions: the initial publication (2025-08-12) and three revisions: correction of affected products (2026-02-12), clarification of SCALANCE family configurations and removal of rejected CVEs (2026-02-24), and CISA republication based on Siemens SSA-355557 (2026-02-25).
Official resources
- CVE-2024-47679 CVE record (CVE.org)
- CVE-2024-47679 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)