PatchSiren cyber security CVE debrief
CVE-2024-47718 Siemens CVE debrief
CVE-2024-47718 is a use-after-free (UAF) vulnerability in the rtw88 Wi-Fi driver affecting Linux kernel systems. The flaw occurs when firmware loading is not properly synchronized during USB initialization and disconnection, potentially allowing memory corruption. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products including the RUGGEDCOM RST2428P and SCALANCE families, though the specific impact assessment indicates these products may be misinformed regarding actual vulnerability status. The advisory has undergone multiple revisions, with the most recent update on 2026-02-25 reflecting republication based on Siemens ProductCERT SSA-355557 advisory. No CVSS score or severity rating is currently available. Organizations should verify their specific product configurations against the vendor's security advisory and apply patches as they become available.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, as well as Linux systems utilizing the rtw88 Wi-Fi driver for Realtek wireless chipsets. Critical infrastructure operators and industrial control system administrators should prioritize assessment due to potential operational technology impacts.
Technical summary
The vulnerability exists in the rtw88 Wi-Fi driver where improper synchronization during firmware loading operations—specifically during USB initialization and disconnection sequences—can lead to a use-after-free condition. This memory safety issue could potentially be exploited to cause system instability or arbitrary code execution in the kernel context. The flaw is rooted in race conditions between firmware loading state transitions and device disconnect events.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product impact assessment and patch availability
- Verify specific product configurations against the Known Affected and Known Not Affected product lists in the vendor advisory
- Monitor CISA ICS advisory ICSA-25-226-07 for updates on this vulnerability
- Apply vendor-provided firmware or software updates when available
- Implement network segmentation for affected industrial control systems to limit exposure
- Follow CISA recommended practices for industrial control systems defense in depth
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-07. Vendor attribution to Siemens confirmed through CSAF product tree with high confidence. Timeline derived from official CVE published and modified dates. Multiple advisory revisions tracked through revision history. No CVSS vector or score available in source data.
Official resources
-
CVE-2024-47718 CVE record
CVE.org
-
CVE-2024-47718 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12