PatchSiren cyber security CVE debrief
CVE-2024-47739 Siemens CVE debrief
CVE-2024-47739 is a medium-severity vulnerability in the Linux kernel's padata subsystem, where a missing integer wrap-around check on the seq_nr counter can cause a deadlock when the sequence number overflows. This vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families. The vulnerability was published on August 12, 2025, with subsequent modifications through February 25, 2026, to correct affected product listings and clarify configurations. Siemens has released vendor fixes: update to V3.2 or later for affected products. The CVSS 3.1 vector indicates local attack vector, low attack complexity, low privileges required, no user interaction, and high availability impact.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P industrial switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family managed switches in industrial control system (ICS) environments. System administrators responsible for firmware lifecycle management in OT networks. Security teams monitoring for kernel-level vulnerabilities in embedded industrial operating systems.
Technical summary
The vulnerability exists in the Linux kernel padata (parallel data) subsystem, which provides parallelization primitives for cryptographic and other CPU-intensive operations. The seq_nr sequence number counter lacks proper integer wrap-around handling, leading to a potential deadlock condition when the counter overflows. This is classified as CWE-190 (Integer Overflow or Wraparound). The affected Siemens products incorporate this vulnerable kernel component through their SINEC OS operating system. Successful exploitation requires local access with low privileges, and the primary impact is denial of service through system deadlock. The vulnerability does not affect confidentiality or integrity per the CVSS vector.
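The ordering failure behind the deadlock, shown on a simplified model rather than the kernel's own padata code: this is an added example, not part of the advisory or the Linux source. It assumes a reorder queue keyed by a 32-bit unsigned sequence number that must be drained strictly in submission order, and contrasts a naive `<` comparison with wrap-aware serial-number arithmetic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

/* Simplified model (assumption, not kernel code): work items carry
 * consecutive uint32_t sequence numbers and are queued as they complete;
 * the drain step only pops the head while it equals the next expected
 * number. If an item sorts into the wrong place, the head never matches
 * and the queue stalls, which is the deadlock the advisory describes. */

typedef bool (*before_fn)(uint32_t a, uint32_t b);

/* Naive ordering: correct until seq_nr wraps from UINT32_MAX to 0. */
bool before_naive(uint32_t a, uint32_t b) { return a < b; }

/* Wrap-aware ordering: read the unsigned difference as a signed value, so
 * 0 sorts after UINT32_MAX. Valid while fewer than 2^31 items are in
 * flight. The cast relies on two's-complement conversion (gcc/clang). */
bool before_wrapsafe(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

#define MAX_ITEMS 16

/* One insertion-sort step into the queue using the chosen comparator. */
static void insert_sorted(uint32_t *q, size_t *n, uint32_t seq, before_fn before) {
    size_t i = *n;
    while (i > 0 && before(seq, q[i - 1])) { q[i] = q[i - 1]; i--; }
    q[i] = seq;
    (*n)++;
}

/* Submit `count` items with sequence numbers starting at `start`, let them
 * complete in reverse order, then drain. Returns how many items the drain
 * could pop before the head stopped matching the expected number; any
 * value below `count` means the queue would stall forever. */
size_t drained_items(uint32_t start, size_t count, before_fn before) {
    uint32_t q[MAX_ITEMS];
    size_t n = 0;
    if (count > MAX_ITEMS) return 0;
    for (size_t k = count; k > 0; k--)           /* reverse completion */
        insert_sorted(q, &n, start + (uint32_t)(k - 1), before);
    uint32_t expected = start;                   /* wraps like seq_nr does */
    size_t drained = 0;
    while (drained < n && q[drained] == expected) { drained++; expected++; }
    return drained;
}
```

Starting the sequence three below UINT32_MAX makes the wrap happen mid-batch: the naive comparator drains nothing, the wrap-safe one drains every item.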
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected Siemens RUGGEDCOM RST2428P and SCALANCE product families
- Verify current firmware version on affected industrial networking equipment and prioritize updates based on operational criticality
- Review network segmentation for affected devices to limit local attack vector exposure
- Monitor Siemens ProductCERT advisory SSA-355557 for additional configuration-specific guidance for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family deployments
- Implement defense-in-depth strategies per CISA ICS recommended practices for industrial control systems
Evidence notes
Vulnerability description and affected products confirmed through CISA ICS advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS score and vector derived from official CISA CSAF source. Remediation guidance explicitly states update to V3.2 or later version for RUGGEDCOM RST2428P and SCALANCE families.
Official resources
- CVE-2024-47739 CVE record (CVE.org)
- CVE-2024-47739 NVD detail (NVD)
- Source item URL: cisa_csaf