PatchSiren cyber security CVE debrief
CVE-2024-47749 Siemens CVE debrief
A NULL pointer dereference vulnerability exists in the RDMA/cxgb4 driver: the `lookup_atid()` function can return NULL if the ATID is invalid or does not exist in the identifier table, and the `act_establish()` and `act_open_rpl()` functions fail to check for this NULL return before using the result. This vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE switch families. The issue was disclosed in CISA advisory ICSA-25-226-07 on August 12, 2025, with subsequent updates through February 25, 2026, clarifying affected product configurations. Siemens has released firmware updates to address this vulnerability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE industrial Ethernet switches in critical infrastructure environments, particularly those utilizing RDMA over Converged Ethernet (RoCE) capabilities. System administrators responsible for industrial control system network security and availability should prioritize patching to prevent potential denial-of-service conditions.
Technical summary
The RDMA/cxgb4 driver in the Linux kernel contains a vulnerability where `lookup_atid()` may return NULL for invalid or non-existent ATID values. The `act_establish()` and `act_open_rpl()` functions do not validate this return value before dereferencing, resulting in a NULL pointer dereference. This is classified as CWE-476 (NULL Pointer Dereference). The vulnerability has a CVSS 3.1 score of 5.5 (MEDIUM) with local attack vector, low attack complexity, and low privilege requirements. The primary impact is to availability (high). Affected products include Siemens RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family when running affected SINEC OS versions. Siemens provides firmware updates to V3.2 or later as remediation.
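The missing check described above, as an added example: a simplified user-space model, not the kernel driver's code. Only the names `lookup_atid` and `act_establish` come from the page; the struct layouts, table size, state values and the `-EINVAL` return are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define NATIDS 4                      /* assumed table size for this model */
enum { EP_CONNECTING = 1, EP_ESTABLISHED = 2 };

struct endpoint { unsigned int atid; int state; };      /* hypothetical layout */
struct atid_table { struct endpoint *slot[NATIDS]; };   /* NULL = ATID unused */

/* Returns the endpoint registered for atid, or NULL when the ATID is
 * out of range or has no entry in the identifier table. */
struct endpoint *lookup_atid(const struct atid_table *t, unsigned int atid)
{
    return atid < NATIDS ? t->slot[atid] : NULL;
}

/* Pre-fix pattern: the lookup result is dereferenced unconditionally, so a
 * reply carrying an unknown ATID faults on the assignment below. */
int act_establish_unchecked(struct atid_table *t, unsigned int atid)
{
    struct endpoint *ep = lookup_atid(t, atid);
    ep->state = EP_ESTABLISHED;       /* NULL dereference when ep == NULL */
    return 0;
}

/* Hardened pattern: reject the message when the ATID does not resolve. */
int act_establish_checked(struct atid_table *t, unsigned int atid)
{
    struct endpoint *ep = lookup_atid(t, atid);
    if (!ep)
        return -EINVAL;               /* error code chosen for this model */
    ep->state = EP_ESTABLISHED;
    return 0;
}

int main(void)
{
    struct endpoint e = { 1, EP_CONNECTING };            /* constructed sample */
    struct atid_table t = { { NULL, &e, NULL, NULL } };
    unsigned int probes[] = { 1, 2, 99 };                /* valid, unused, out of range */

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("atid %u -> %d\n", probes[i], act_establish_checked(&t, probes[i]));
    return 0;
}
```
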
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update availability
- Implement network segmentation for industrial control systems per CISA recommended practices
- Monitor for anomalous behavior on affected devices pending patch deployment
Evidence notes
The vulnerability description is sourced from CISA CSAF data indicating a missing NULL check in RDMA/cxgb4 driver functions. Siemens ProductCERT advisory SSA-355557 provides the authoritative vendor remediation guidance. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, requiring low privileges, resulting in high availability impact.
Official resources
- CVE-2024-47749 CVE record (CVE.org)
- CVE-2024-47749 NVD detail (NVD)
- Source item URL (cisa_csaf)
Disclosed via CISA ICS advisory ICSA-25-226-07 on August 12, 2025, with multiple revisions through February 25, 2026. The advisory was republished based on Siemens ProductCERT SSA-355557.