PatchSiren

CVE-2024-47748 Siemens CVE debrief

A vulnerability in the Linux kernel's vhost_vdpa subsystem affects Siemens industrial networking products running SINEC OS. The flaw involves incorrect assignment of IRQ bypass producer tokens, which could lead to memory safety issues. The vulnerability requires local access with high privileges to exploit. Siemens has released updates to address this issue in affected RUGGEDCOM and SCALANCE product families.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 6.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family industrial networking equipment in operational technology (OT) environments, and security teams responsible for industrial control system infrastructure and patch management programs.

Technical summary

The vulnerability exists in the Linux kernel's vhost_vdpa (virtio data path acceleration) subsystem, where IRQ bypass producer tokens are not assigned correctly. The flaw affects Siemens industrial networking products that incorporate the vulnerable kernel component through SINEC OS. The CVSS 3.1 base score of 6.7 (Medium) reflects a local attack vector, low attack complexity, high privileges required, and high impacts to confidentiality, integrity, and availability. The vulnerability is not known to be exploited in the wild (E:U) and has an official fix available (RL:O).

Defensive priority

Medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices per Siemens guidance
  • Review SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configuration and apply appropriate vendor fixes as specified in Siemens ProductCERT advisory
  • Implement defense-in-depth strategies for industrial control systems including network segmentation and access controls
  • Monitor CISA ICS advisories for additional updates to affected product configurations

Evidence notes

The vulnerability description indicates a kernel-level issue in vhost_vdpa IRQ bypass token handling. The CVSS 3.1 vector shows a local attack vector with high privileges required, indicating this is not remotely exploitable without prior compromise. The CISA advisory ICSA-25-226-07 was initially published 2025-08-12 and subsequently revised multiple times through 2026-02-25 to correct affected product listings and incorporate updates from Siemens ProductCERT advisory SSA-355557.
