PatchSiren cyber security CVE debrief
CVE-2024-47701 Siemens CVE debrief
A vulnerability in the Linux kernel's ext4 filesystem could allow an out-of-bounds (OOB) memory access when the system.data extended attribute changes underneath the filesystem. This issue has been resolved in the upstream Linux kernel. Siemens has identified this vulnerability as affecting multiple industrial networking products that incorporate the vulnerable Linux kernel component, including RUGGEDCOM RST2428P and SCALANCE switch families. The vulnerability is rated HIGH severity with a CVSS 3.1 score of 7.8, requiring local access and low privileges but enabling high impact on confidentiality, integrity, and availability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE industrial Ethernet switches in operational technology (OT) environments. Security teams responsible for industrial control system (ICS) infrastructure and firmware lifecycle management. Network administrators managing critical infrastructure with embedded Linux systems.
Technical summary
CVE-2024-47701 is an out-of-bounds memory access vulnerability in the Linux kernel's ext4 filesystem implementation. The vulnerability is triggered when the system.data extended attribute changes underneath the filesystem, potentially leading to memory corruption. The issue has been resolved in upstream Linux kernel patches. Siemens ProductCERT has identified this vulnerability as affecting industrial networking equipment running embedded Linux, specifically the RUGGEDCOM RST2428P and multiple SCALANCE switch families. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates a local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. Remediation requires firmware updates to V3.2 or later for affected products, with specific configuration guidance for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided firmware updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to V3.2 or later
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and available updates
- Implement network segmentation to limit local access to affected industrial control devices
- Monitor for anomalous filesystem operations on embedded Linux systems
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
CVE published 2025-08-12 per official CVE record. CISA advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 referenced as authoritative vendor source. Advisory modified 2026-02-25 with republication based on updated Siemens guidance.
Official resources
- CVE-2024-47701 CVE record (CVE.org)
- CVE-2024-47701 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12