PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-47705 Siemens CVE debrief

This CVE addresses a vulnerability in the Linux kernel's block layer where an invalid pointer dereference could occur in the blk_add_partition() function. The issue stemmed from a code refactoring that modified error handling to separately process -ENXIO errors, inadvertently creating a code path where md_autodetect_dev() could be called without verifying that the partition pointer was valid. The vulnerability has a CVSS 3.1 score of 5.5 (MEDIUM severity), with a local attack vector requiring low privileges and resulting in high availability impact. Siemens has identified affected products in their industrial networking equipment lines, including RUGGEDCOM RST2428P and SCALANCE switch families. The vulnerability was published on August 12, 2025, with the advisory last modified on February 25, 2026.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH switch families. System administrators responsible for Linux-based industrial control systems and OT security teams monitoring kernel-level vulnerabilities in embedded industrial devices.

Technical summary

The vulnerability exists in the Linux kernel's block device partition handling code. A refactoring of blk_add_partition() introduced a logic error where the -ENXIO error case was handled separately from general error conditions, but this change failed to ensure that md_autodetect_dev() would only be called with a valid partition pointer. The fix separates error handling logic to explicitly distinguish between general errors and -ENXIO while maintaining proper pointer validation. This is a local vulnerability requiring authenticated access, with exploitation potentially causing denial of service through invalid memory access.
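The error-handling flaw described above, as an added user-space model in C (not the kernel source, and not code from this page or from Siemens). Every function and type name is a hypothetical stand-in, the logging in the corrected form is an assumption, and the model reports an encoded-error pointer reaching the autodetect step instead of dereferencing it.

```c
/* User-space model; every name is a hypothetical stand-in, not kernel source. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095
/* Kernel-style convention: a negative errno value encoded in a pointer. */
static void *err_ptr(long err) { return (void *)(intptr_t)err; }
static long ptr_err(const void *p) { return (long)(intptr_t)p; }
static int is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)(-MAX_ERRNO); }

struct part { int dev; };
static struct part good_part = { .dev = 42 };   /* constructed sample value */
enum outcome { ADDED, REJECTED, ERR_PTR_REACHED_AUTODETECT };

/* Stand-in for the partition-add step: valid pointer, or an encoded errno. */
static struct part *model_add(long err) { return err ? err_ptr(err) : &good_part; }

/* Stand-in for the autodetect step, which reads through the pointer.
 * The model flags an invalid pointer rather than dereferencing it. */
static enum outcome model_autodetect(const struct part *p)
{
    if (is_err(p))
        return ERR_PTR_REACHED_AUTODETECT;
    printf("autodetect on dev %d\n", p->dev);
    return ADDED;
}

/* Flawed shape: -ENXIO is carved out of the error branch and falls through. */
static enum outcome add_flawed(long err)
{
    struct part *p = model_add(err);
    if (is_err(p) && ptr_err(p) != -ENXIO)
        return REJECTED;
    return model_autodetect(p);
}

/* Corrected shape: every error returns early; -ENXIO only skips the log line. */
static enum outcome add_fixed(long err)
{
    struct part *p = model_add(err);
    if (is_err(p)) {
        if (ptr_err(p) != -ENXIO)
            fprintf(stderr, "partition could not be added: %ld\n", ptr_err(p));
        return REJECTED;
    }
    return model_autodetect(p);
}

int main(void) { return add_fixed(-ENXIO) == REJECTED ? 0 : 1; }
```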

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
  • Implement network segmentation for industrial control systems to limit local access to affected devices
  • Monitor for anomalous system behavior or unexpected reboots that could indicate exploitation attempts
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies

Evidence notes

The vulnerability description is derived from the Linux kernel commit message explaining the fix for blk_add_partition(). The affected products and remediation guidance are sourced from CISA CSAF data identifying Siemens RUGGEDCOM and SCALANCE product lines. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector with high availability impact but no confidentiality or integrity impact.

Official resources

The vulnerability was disclosed through CISA ICS advisory ICSA-25-226-07 on August 12, 2025, with subsequent updates through February 25, 2026. The advisory was republished based on Siemens ProductCERT SSA-355557.