PatchSiren cyber security CVE debrief
CVE-2024-47742 Siemens CVE debrief
This CVE addresses a path traversal vulnerability in the Linux kernel's firmware_loader subsystem. The issue arises when firmware file names contain string components passed through from a device or semi-privileged userspace, potentially allowing unauthorized file access outside intended directories. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P switches and multiple SCALANCE product families. The vulnerability carries a CVSS 3.1 score of 5.5 (MEDIUM severity) with a local attack vector, low attack complexity, and low privileges required, though the primary impact is limited to availability (high) with no confidentiality or integrity impact.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 product families. System administrators responsible for Linux-based industrial devices with firmware loading capabilities. OT security teams managing critical infrastructure with embedded Linux systems. Asset owners requiring compliance with CISA ICS security recommendations.
Technical summary
The firmware_loader subsystem in the Linux kernel constructs firmware file paths using both hardcoded strings and dynamic components. While most dynamic elements are constrained to hex numbers or similarly limited formats, certain codepaths accept string components from device inputs or semi-privileged userspace contexts without adequate validation. This insufficient sanitization enables path traversal attacks where maliciously crafted firmware names could reference files outside the intended firmware directory. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). Exploitation requires local access with low privileges and results in high availability impact, typically through denial of service or system instability.
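The component check that the summary describes as missing can be sketched as follows. This is an added example, not code from the Linux kernel, Siemens, or the advisory; the function names `fw_name_has_dotdot` and `fw_name_is_safe`, the rejection of absolute names, and the sample names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true if any '/'-separated component is exactly "..". */
static bool fw_name_has_dotdot(const char *name)
{
    const char *p = name;

    while (*p) {
        size_t len = strcspn(p, "/");      /* length of the current component */

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;
        p += len;
        while (*p == '/')                  /* skip one or more separators */
            p++;
    }
    return false;
}

/* Hypothetical policy (assumption): accept only non-empty, relative names
 * with no ".." component, so the name stays under the firmware directory. */
static bool fw_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (name[0] == '/')                    /* absolute path leaves the base dir */
        return false;
    return !fw_name_has_dotdot(name);
}

int main(void)
{
    /* Constructed sample names, not taken from any real device. */
    const char *samples[] = {
        "vendor/chip-1a2b.bin",            /* normal relative name */
        "vendor/fw..v2.bin",               /* dots inside a component are fine */
        "vendor/../../outside.bin",        /* ".." component: rejected */
        "/abs/outside.bin",                /* absolute: rejected */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-28s %s\n", samples[i],
               fw_name_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Matching whole components rather than searching for the substring `..` avoids rejecting legitimate file names that merely contain consecutive dots.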
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family products per Siemens ProductCERT guidance
- Review SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configurations and apply vendor-specified mitigations as detailed in Section Additional Information of the advisory
- Implement defense-in-depth strategies for industrial control systems including network segmentation and access controls
- Monitor CISA ICS advisories for additional updates to affected product listings
- Validate firmware loading mechanisms in Linux-based industrial devices to ensure proper input sanitization
Evidence notes
The vulnerability description indicates this is a kernel-level firmware loading issue where insufficient validation of firmware filename components could enable path traversal. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local exploitation with availability impact. Siemens ProductCERT advisory SSA-355557 provides vendor-specific context and remediation guidance. CISA's ICS advisory ICSA-25-226-07 was initially published 2025-08-12 and subsequently updated 2026-02-25 to reflect corrections to affected product lists and additional clarifications.
Official resources
- CVE-2024-47742 CVE record (CVE.org)
- CVE-2024-47742 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12