PatchSiren

CVE-2024-47756 Siemens CVE debrief

A logic error in the Keystone PCI controller driver (ks_pcie_quirk()) uses a logical AND (&&) where OR (||) was intended, potentially causing NULL pointer dereference and local denial-of-service. The vulnerability affects Siemens industrial networking products running SINEC OS with vulnerable Linux kernel versions. CISA published this advisory on 2025-08-12; Siemens subsequently updated affected product lists through February 2026.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly in critical infrastructure sectors (energy, manufacturing, transportation). Security teams managing OT/ICS environments with RUGGEDCOM or SCALANCE devices. System administrators responsible for SINEC OS deployments and kernel patch management.

Technical summary

The ks_pcie_quirk() function in the Linux kernel's Keystone PCI controller driver contains a logic error where && (logical AND) was used instead of || (logical OR) in a conditional expression. This flaw can lead to NULL pointer dereference when the driver evaluates the malformed condition, resulting in local denial-of-service. The vulnerability requires local access with low privileges and has no confidentiality or integrity impact. Siemens industrial networking products incorporating vulnerable kernel versions are affected, including RUGGEDCOM RST2428P and multiple SCALANCE families. Remediation involves firmware updates to version 3.2 or later, with specific configuration-based guidance for certain SCALANCE product lines.
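The failure mode described above, modelled in user-space C as an added example (not code from the kernel, Siemens or this page). It assumes the guard tests a pointer and one of its members for NULL and that later code reads that member; `struct dev`, the enum and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a kernel device object: only the member the guard reads. */
struct dev { struct dev *parent; };

enum outcome {
    EARLY_RETURN,        /* guard fired, function bails out safely */
    DEREF_NULL_IN_GUARD, /* guard itself reads ->parent through a NULL pointer */
    DEREF_NULL_LATER,    /* guard did not fire, later code reads a NULL ->parent */
    PROCEEDS_SAFELY      /* both pointers valid */
};

/* Models the buggy guard `if (!b && !b->parent) return;` without crashing. */
static enum outcome guard_with_and(const struct dev *b)
{
    if (!b) /* left operand true, so && goes on to evaluate b->parent */
        return DEREF_NULL_IN_GUARD;
    /* left operand false: && short-circuits and the guard can never fire */
    return b->parent ? PROCEEDS_SAFELY : DEREF_NULL_LATER;
}

/* The corrected guard `if (!b || !b->parent) return;`, evaluated for real. */
static enum outcome guard_with_or(const struct dev *b)
{
    if (!b || !b->parent) /* || stops at the first NULL it finds */
        return EARLY_RETURN;
    return PROCEEDS_SAFELY;
}

static const char *outcome_name(enum outcome o)
{
    static const char *const names[] = { "early return", "NULL deref in guard",
                                         "NULL deref later", "proceeds safely" };
    return names[o];
}

int main(void)
{
    struct dev root = { NULL };   /* constructed input: device with no parent */
    struct dev child = { &root }; /* constructed input: device with a parent */
    const struct dev *cases[] = { NULL, &root, &child };
    const char *labels[] = { "b == NULL", "b->parent == NULL", "both valid" };

    for (size_t i = 0; i < 3; i++)
        printf("%-18s  &&: %-20s ||: %s\n", labels[i],
               outcome_name(guard_with_and(cases[i])),
               outcome_name(guard_with_or(cases[i])));
    return 0;
}
```

With `&&` the guard never returns early for any input, so every NULL case ends in a dereference instead of a safe exit.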

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-supplied firmware updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to version 3.2 or later per Siemens guidance
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration-based remediation
  • Validate kernel versions on affected Siemens devices running SINEC OS to confirm they include the patched Keystone PCI driver
  • Implement network segmentation for industrial control systems per CISA ICS recommended practices
  • Monitor for anomalous system crashes or PCI-related errors that may indicate exploitation attempts

Evidence notes

CISA ICS advisory ICSA-25-226-07, published 2025-08-12, documents this CVE as affecting Siemens RUGGEDCOM RST2428P and SCALANCE product families. Siemens ProductCERT advisory SSA-355557 provides vendor remediation guidance. The vulnerability originates in the Linux kernel PCI subsystem, where a patch corrected the logical operator (&& changed to ||) in ks_pcie_quirk().
