PatchSiren cyber security CVE debrief
CVE-2024-47710 Siemens CVE debrief
CVE-2024-47710 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's sock_map subsystem, specifically within the sock_hash_free() function. The issue stems from the addition of a cond_resched() call intended to prevent CPU soft lockups when destroying maps with a large number of buckets. This vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P and SCALANCE switch families. The vulnerability is exploitable locally with low attack complexity and low privileges required, resulting in high availability impact. Siemens has provided vendor fixes, with updates to V3.2 or later versions recommended for affected products.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly in critical infrastructure and OT environments. Security teams responsible for patch management of RUGGEDCOM and SCALANCE device fleets. ICS/SCADA security practitioners monitoring CISA advisories for third-party component vulnerabilities in industrial products.
Technical summary
The vulnerability exists in the Linux kernel's BPF sock_map subsystem. The sock_hash_free() function, which destroys hash-based socket maps, was modified to include a cond_resched() call to yield CPU time and prevent soft lockups when processing maps with large bucket counts. This modification introduced a vulnerability condition. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector requiring low privileges, with no confidentiality or integrity impact but high availability impact. The vulnerability affects Siemens industrial networking products running vulnerable Linux kernel versions, specifically RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. The advisory underwent three revision cycles after initial publication to correct affected product listings and clarify configuration requirements, with the most recent update on February 25, 2026.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to V3.2 or later version for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices per Siemens ProductCERT guidance
- Review additional configuration guidance for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family deployments
- Monitor CISA ICS advisories for subsequent updates to affected product lists, as the advisory was revised multiple times (February 12, 24, and 25, 2026) to correct and clarify affected configurations
- Implement defense-in-depth strategies for industrial control systems as recommended by CISA ICS security practices
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-07. Affected products confirmed through Siemens ProductCERT SSA-355557. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with availability impact. Remediation guidance specifies V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family; SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family has vendor fix available with additional configuration guidance.
Official resources
-
CVE-2024-47710 CVE record
CVE.org
-
CVE-2024-47710 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public