PatchSiren cyber security CVE debrief
CVE-2024-47697 Siemens CVE debrief
CVE-2024-47697 is an out-of-bounds write vulnerability in the Linux kernel's RTL2830 DVB frontend driver. The flaw exists in the `rtl2830_pid_filter` function where an incorrect boundary check (`index > 32` instead of `index >= 32`) allows an index value of 32 to be processed. Since `dev->filters` is a 32-bit value, valid bit indices range from 0-31; an index of 32 causes access to a non-existent 33rd bit, resulting in out-of-bounds memory access. The vulnerability was resolved by correcting the boundary condition. This CVE was published on 2025-08-12 and last modified on 2026-02-25. The issue is documented in CISA advisory ICSA-25-226-07 and Siemens ProductCERT advisory SSA-355557, which covers affected Siemens industrial networking products including the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. No CVSS score or severity rating is available in the provided source corpus. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE X-family devices (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families) running SINEC OS. System administrators maintaining Linux-based industrial systems with DVB-T/DVB-C tuner hardware utilizing the RTL2830 frontend driver. OT security teams responsible for patch management in critical infrastructure environments.
Technical summary
The vulnerability resides in `drivers/media/dvb-frontends/rtl2830.c` in the Linux kernel. The `rtl2830_pid_filter` function incorrectly validates PID filter indices using `index > 32` rather than `index >= 32`. The `dev->filters` member is a 32-bit unsigned integer (u32), meaning only bit positions 0 through 31 are valid. When `index == 32`, the `set_bit()` or `clear_bit()` operations access beyond the allocated storage, causing an out-of-bounds write. This is a classic off-by-one boundary condition error (CWE-787). The fix changes the comparison operator to properly exclude index 32, ensuring only valid bit positions 0-31 are used.
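The off-by-one described above, as an added userspace model (not the kernel driver's code and not taken from the advisories). The 8-byte buffer, the guard bytes and all function names are constructed for illustration, and `set_bit()` is replaced by a byte-addressed stand-in so the out-of-range write stays inside the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_BITS 64u /* 32 filter bits + 32 guard bits (constructed) */

/* Constructed model: mem[0..3] plays the 32-bit filters field, mem[4..7] is a
 * guard standing in for whatever lies next to it in memory. */
struct model { uint8_t mem[MODEL_BITS / 8]; };

/* Boundary check as the page describes it before and after the fix. */
static int index_ok_vulnerable(unsigned index) { return !(index > 32); }
static int index_ok_fixed(unsigned index)      { return !(index >= 32); }

/* Byte-addressed stand-in for set_bit(); well defined for 0..MODEL_BITS-1. */
static void model_set_bit(struct model *m, unsigned index)
{
    m->mem[index / 8] |= (uint8_t)(1u << (index % 8));
}

/* Run one filter request through a check; return 1 if the guard changed. */
static int guard_touched(int (*ok)(unsigned), unsigned index)
{
    static const uint8_t zero[4] = {0};
    struct model m;

    memset(&m, 0, sizeof m);
    if (index < MODEL_BITS && ok(index))
        model_set_bit(&m, index);
    return memcmp(m.mem + 4, zero, sizeof zero) != 0;
}

/* Count how many indices in the model range write outside bits 0..31. */
static unsigned escaping_indices(int (*ok)(unsigned))
{
    unsigned n = 0;
    for (unsigned i = 0; i < MODEL_BITS; i++)
        n += (unsigned)guard_touched(ok, i);
    return n;
}

int main(void)
{
    printf("vulnerable check: %u index(es) reach the guard\n",
           escaping_indices(index_ok_vulnerable));
    printf("fixed check:      %u index(es) reach the guard\n",
           escaping_indices(index_ok_fixed));
    return 0;
}
```

Exactly one index (32) passes the vulnerable check and lands in the guard; with the corrected check none do.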
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens industrial networking products when available
- Verify SINEC OS version and consult Siemens ProductCERT advisory SSA-355557 for specific patch guidance
- Review Linux kernel configurations on affected systems to confirm RTL2830 driver usage
- Implement network segmentation for industrial control systems per CISA recommended practices
- Monitor CISA ICS advisories for additional updates to ICSA-25-226-07
Evidence notes
Boundary condition error in the `rtl2830_pid_filter` function: the 32-bit `filters` field is guarded by an incorrect `> 32` check, which allows index 32 to cause out-of-bounds bit access. Fixed by changing the check to `>= 32`.
Official resources
- CVE-2024-47697 CVE record (CVE.org)
- CVE-2024-47697 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12