PatchSiren cyber security CVE debrief
CVE-2024-49851 Siemens CVE debrief
A Trusted Platform Module (TPM) resource leak vulnerability exists in the Linux kernel's TPM driver. When tpm_dev_transmit prepares TPM space for command transmission and the command subsequently fails, no rollback of this preparation is performed. This can result in transient handles being leaked if the device is closed without further commands being executed. The vulnerability is classified as MEDIUM severity with a CVSS 3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating local attack vector with low attack complexity, low privileges required, and high availability impact. Siemens has identified affected products in their industrial networking portfolio including RUGGEDCOM RST2428P and SCALANCE switch families running SINEC OS. The vulnerability was published on August 12, 2025, with the advisory last modified on February 25, 2026.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family industrial networking equipment. Security teams responsible for industrial control system infrastructure, TPM-dependent security operations, and critical infrastructure operators utilizing affected Siemens products.
Technical summary
The vulnerability exists in the tpm_dev_transmit function of the Linux kernel TPM driver. The function prepares TPM space before attempting command transmission, but fails to perform rollback of this preparation when commands fail. This leads to transient handle leaks if the device is subsequently closed without additional commands. The flaw represents an incomplete error handling path (CWE-459) that can cause resource exhaustion over time. The CVSS vector indicates local attack requirements with high availability impact, suggesting that repeated exploitation could degrade or deny TPM services.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to V3.2 or later version for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT SSA-355557 for specific configuration guidance
- Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
- Monitor for anomalous TPM-related behavior or resource exhaustion on affected systems
- Review and apply CISA ICS-CERT defense in depth guidance for industrial control system environments
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. CISA ICS advisory ICSA-25-226-07 republished based on Siemens ProductCERT SSA-355557 advisory. Affected products confirmed through CSAF product tree with high confidence.
Official resources
-
CVE-2024-49851 CVE record
CVE.org
-
CVE-2024-49851 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
published