PatchSiren cyber security CVE debrief
CVE-2024-47712 Siemens CVE debrief
CVE-2024-47712 describes a vulnerability in the wilc1000 Wi-Fi driver related to RCU (Read-Copy-Update) dereference handling in the `wilc_parse_join_bss_param` function. The issue concerns how the TSF (Timing Synchronization Function) value is read: storing it in a local variable before releasing the RCU lock is the pattern intended to prevent use-after-free errors. This vulnerability was published on August 12, 2025, and last modified on February 25, 2026. It is associated with Siemens industrial networking products, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. CISA published advisory ICSA-25-226-07 covering this issue and republished it on February 25, 2026, based on Siemens ProductCERT advisory SSA-355557. Notably, the CISA advisory marks the impact as 'Misinformed' for the affected products, suggesting the vulnerability may not be exploitable in the specific Siemens product context or that the initial assessment was incorrect. No CVSS score or severity is available in the source data. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE X-family switches or RUGGEDCOM RST2428P devices with Wi-Fi capabilities; industrial control system operators using SINEC OS; security teams responsible for OT/ICS network infrastructure
Technical summary
This vulnerability exists in the wilc1000 Wi-Fi driver, specifically in the `wilc_parse_join_bss_param` function. The issue is a potential RCU dereference problem involving the TSF (Timing Synchronization Function) value. Storing that value in a local variable before releasing the RCU lock is the coding pattern intended to prevent use-after-free errors, which could occur if the RCU-protected data structure were accessed after the lock is released. The wilc1000 driver is used in embedded Linux systems, including Siemens industrial networking equipment running SINEC OS. The CISA advisory marks the impact as 'Misinformed' for the listed Siemens products, indicating the vulnerability may not be exploitable in these specific implementations or that the initial vulnerability assessment was incorrect.
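The access pattern described above, as an added user-space simulation that is not kernel, Siemens, or PatchSiren code. The `sim_*` helpers, `struct ies`, `POISON` and both `parse_tsf_*` functions are hypothetical names, and reclamation is modelled by overwriting static memory so that the stale read is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed stand-in for the RCU-protected data (not the kernel struct). */
struct ies { uint64_t tsf; };
#define POISON 0xDEADDEADDEADDEADull /* marks reclaimed memory */
static struct ies slots[2];   /* static storage: "freed" copies stay readable */
static struct ies *published; /* pointer that readers dereference */
static int readers;           /* > 0 while a read-side section is open */
static void sim_read_lock(void)   { readers++; }
static void sim_read_unlock(void) { readers--; }

/* Updater: publish a new copy and reclaim the old one. Simplification:
 * it refuses to run while a reader is inside, instead of waiting. */
static int sim_update(uint64_t new_tsf)
{
    struct ies *old = published;
    struct ies *fresh = (old == &slots[0]) ? &slots[1] : &slots[0];
    if (readers != 0)
        return -1;
    fresh->tsf = new_tsf;
    published = fresh;
    if (old)
        old->tsf = POISON;      /* models freeing the old copy */
    return 0;
}
static void sim_reset(uint64_t tsf) { readers = 0; published = NULL; sim_update(tsf); }

/* Flawed pattern: the pointer is dereferenced after the section ends. */
static uint64_t parse_tsf_unsafe(uint64_t concurrent_tsf)
{
    sim_read_lock();
    struct ies *ies = published;
    sim_read_unlock();
    sim_update(concurrent_tsf); /* updater runs in the gap */
    return ies->tsf;            /* reads reclaimed memory */
}
/* Corrected pattern: copy TSF to a local before leaving the section. */
static uint64_t parse_tsf_safe(uint64_t concurrent_tsf)
{
    sim_read_lock();
    uint64_t tsf_copy = published->tsf;
    sim_read_unlock();
    sim_update(concurrent_tsf);
    return tsf_copy;
}
int main(void)
{
    sim_reset(1000); printf("safe:   %#llx\n", (unsigned long long)parse_tsf_safe(2000));
    sim_reset(1000); printf("unsafe: %#llx\n", (unsigned long long)parse_tsf_unsafe(2000));
    return 0;
}
```

In a real kernel the flawed read is undefined behaviour rather than a fixed poison value, which is why the copy must be taken inside the read-side section.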
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for definitive product impact assessment
- Verify whether SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices in your environment are configured in affected mode per February 2026 advisory clarification
- Apply vendor-provided firmware updates for SINEC OS when available
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Implement network segmentation for industrial Wi-Fi deployments per CISA ICS recommended practices
Evidence notes
The vulnerability description indicates this is a Linux kernel Wi-Fi driver issue (wilc1000) affecting RCU locking patterns. The CISA CSAF source explicitly marks impact as 'Misinformed' for products CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The advisory was republished on 2026-02-25 based on Siemens ProductCERT SSA-355557 advisory. No CVSS vector or score is provided in the source corpus.
Official resources
- CVE-2024-47712 CVE record (CVE.org)
- CVE-2024-47712 NVD detail (NVD)
- Source item URL (cisa_csaf)