PatchSiren cyber security CVE debrief
CVE-2024-48881 Siemens CVE debrief
A vulnerability in the Linux kernel bcache subsystem affects Siemens industrial networking products. The issue stems from an improper change replacing IS_ERR_OR_NULL with IS_ERR, which can lead to NULL pointer dereference conditions. This local vulnerability requires low privileges to exploit and results in high availability impact. Siemens has released firmware updates to address this issue in affected RUGGEDCOM and SCALANCE product families.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500/XCM-/XRM-/XCH-/XRH-300 family industrial switches in critical infrastructure environments, particularly those in energy, manufacturing, and transportation sectors where high availability is essential.
Technical summary
CVE-2024-48881 is a vulnerability in the Linux kernel bcache (block cache) subsystem affecting Siemens industrial networking equipment. The root cause was an improper code change that replaced IS_ERR_OR_NULL with IS_ERR, which inadequately handles NULL pointer conditions. This flaw can result in NULL pointer dereference scenarios when the bcache subsystem encounters error conditions. The vulnerability is exploitable locally with low privileges and has high availability impact. Affected products include RUGGEDCOM RST2428P switches and multiple SCALANCE industrial Ethernet switch families. Siemens has addressed this through firmware updates to version 3.2 or later.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update paths
- Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
- Restrict local access to affected devices to authorized personnel only
- Monitor for anomalous system behavior that may indicate exploitation attempts
Evidence notes
The vulnerability description indicates this is a bcache subsystem issue in the Linux kernel where an improper replacement of IS_ERR_OR_NULL with IS_ERR was made. The CVSS vector confirms local attack vector with low attack complexity and low privileges required. CISA published this advisory on 2025-08-12 with subsequent updates through 2026-02-25 to correct affected product listings and clarify configurations.
Official resources
-
CVE-2024-48881 CVE record
CVE.org
-
CVE-2024-48881 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12