PatchSiren cyber security CVE debrief
CVE-2024-49860 Siemens CVE debrief
CVE-2024-49860 is a medium-severity vulnerability (CVSS 5.5) affecting Siemens industrial networking products running SINEC OS. The vulnerability exists in the Common Platform Interface (CPI) sysfs implementation, where the _STR method fails to validate return types. When non-buffer objects are returned, the description_show() function accesses invalid memory, leading to a local denial-of-service condition. The vulnerability requires local access with low privileges and no user interaction, making it exploitable by authenticated users on affected systems. Siemens has released firmware updates to address this issue, with specific version requirements varying by product family.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Asset owners and operators of Siemens industrial Ethernet switches in critical infrastructure environments, including utilities, transportation, and manufacturing sectors. Security teams responsible for OT/ICS patch management and vulnerability remediation programs. Network administrators managing SCALANCE and RUGGEDCOM device fleets.
Technical summary
The vulnerability resides in the CPI (Common Platform Interface) sysfs subsystem's handling of the _STR method. The implementation assumes _STR returns only buffer objects but fails to validate this assumption. When _STR returns a non-buffer type, description_show() dereferences invalid memory, causing a crash. This is a type confusion weakness (CWE-843) leading to availability impact. The attack requires local authenticated access with low privileges. Affected products include RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family when running vulnerable SINEC OS versions. Remediation involves firmware updates to SINEC OS V3.2 or later, with specific update paths documented in Siemens ProductCERT advisory SSA-355557.
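To make the defect class concrete, the following is a constructed C illustration added here (it is not Siemens, SINEC OS or upstream code) of a sysfs-style show routine that copies a method's returned description only after confirming the return object is a buffer, which is the validation the summary says was missing. The tagged-union layout, the OBJ_* tags and the function names are assumptions chosen for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the defect class in the technical summary:
 * a method's return value is a tagged union, and only the OBJ_BUFFER tag
 * means the buffer fields are meaningful. Tags, layout and names are
 * assumptions for this example, not the affected product's code. */
enum obj_type { OBJ_INTEGER = 1, OBJ_STRING = 2, OBJ_BUFFER = 3 };

struct method_obj {
    enum obj_type type;
    union {
        uint64_t integer;            /* meaningful when type == OBJ_INTEGER */
        struct {
            size_t length;
            const uint8_t *pointer;
        } buffer;                    /* meaningful when type == OBJ_BUFFER */
    } u;
};

/* Hardened show routine. The flaw described on the page is a caller that
 * reads u.buffer.length and u.buffer.pointer without looking at type; for
 * an OBJ_INTEGER object those fields overlap the integer and stale union
 * bytes, so the "pointer" is garbage and the copy faults. Checking the tag
 * before touching the union is the fix. Returns bytes written, or -1. */
int description_show_checked(const struct method_obj *obj, char *out, size_t out_len)
{
    if (obj == NULL || out == NULL || out_len == 0)
        return -1;
    if (obj->type != OBJ_BUFFER)
        return -1;                   /* reject non-buffer return types */
    if (obj->u.buffer.pointer == NULL || obj->u.buffer.length >= out_len)
        return -1;                   /* reject oversized or pointer-less buffers */
    memcpy(out, obj->u.buffer.pointer, obj->u.buffer.length);
    out[obj->u.buffer.length] = '\0';
    return (int)obj->u.buffer.length;
}

/* Shared output buffer so the sample cases can be checked by return value. */
static char last_text[64];

int last_text_is(const char *expected)
{
    return strcmp(last_text, expected) == 0;
}

/* Constructed sample: the well-formed case, a buffer holding a description. */
int run_buffer_case(void)
{
    static const uint8_t desc[] = "Sample device description";
    struct method_obj obj = { .type = OBJ_BUFFER };
    obj.u.buffer.length = sizeof(desc) - 1;   /* exclude the trailing NUL */
    obj.u.buffer.pointer = desc;
    last_text[0] = '\0';
    return description_show_checked(&obj, last_text, sizeof last_text);
}

/* Constructed sample: the crashing case from the summary, an integer
 * return. Without the tag check, 0x1234 and the stale union bytes would be
 * read as a length/pointer pair. */
int run_integer_case(void)
{
    struct method_obj obj = { .type = OBJ_INTEGER };
    obj.u.integer = 0x1234;
    last_text[0] = '\0';
    return description_show_checked(&obj, last_text, sizeof last_text);
}

/* Constructed sample: a correctly typed buffer that is too large for the
 * output; the length check rejects it rather than overrunning last_text. */
int run_oversized_case(void)
{
    static const uint8_t big[128] = { 'A' };
    struct method_obj obj = { .type = OBJ_BUFFER };
    obj.u.buffer.length = sizeof big;
    obj.u.buffer.pointer = big;
    last_text[0] = '\0';
    return description_show_checked(&obj, last_text, sizeof last_text);
}

int main(void)
{
    int n = run_buffer_case();
    printf("buffer object:    rc=%d text=\"%s\"\n", n, last_text);
    printf("integer object:   rc=%d (rejected, not dereferenced)\n", run_integer_case());
    printf("oversized buffer: rc=%d (rejected, not copied)\n", run_oversized_case());
    return 0;
}
```

Compile with any C99-or-later compiler and run it: the buffer case copies the text, while the integer case and the oversized case are refused with -1 instead of being interpreted as a length/pointer pair. The type check is the only line that separates the availability impact described above from a harmless rejected read, which is why a patch for this class of bug is usually a single early return.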
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to SINEC OS V3.2 or later. For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT
- Restrict local access: Limit physical and logical access to device management interfaces to authorized personnel only
- Monitor for anomalies: Implement logging and monitoring for unexpected system crashes or sysfs-related errors on affected devices
- Follow defense-in-depth practices: Apply CISA ICS recommended practices for network segmentation and access control
- Verify patch deployment: Confirm firmware version through device management interface after update installation
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. CISA advisory ICSA-25-226-07 republished 2026-02-25 based on Siemens ProductCERT SSA-355557. Affects RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. CVSS vector confirms local attack vector with availability impact.
Official resources
- CVE-2024-49860 CVE record (CVE.org)
- CVE-2024-49860 NVD detail (NVD)
- Source item URL: cisa_csaf