PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-49868 Siemens CVE debrief

A NULL pointer dereference in the Linux kernel's btrfs filesystem, triggered when the filesystem fails to start a new transaction. The vulnerability was initially listed as affecting Siemens industrial networking products running SINEC OS, but subsequent vendor analysis determined that these products are not vulnerable. CISA and Siemens updated the advisory on 2026-02-25 to clarify the affected configurations and to remove rejected CVEs. Note that the upstream vulnerability description carries a typographical error ("trasacntion" for "transaction"), which matters when searching advisory text for this CVE.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

Linux system administrators managing btrfs filesystems; industrial control system operators who reviewed earlier versions of the Siemens/CISA advisory; security teams tracking kernel-level filesystem vulnerabilities in operational technology environments

Technical summary

The vulnerability exists in the btrfs (B-tree filesystem) implementation in the Linux kernel. A NULL pointer dereference occurs on the error path taken when the filesystem fails to start a new transaction; in kernel context a NULL dereference means an oops or panic, so the practical impact is denial of service on the affected host. The CVE was initially associated with Siemens industrial networking products (RUGGEDCOM RST2428P, the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family) running SINEC OS, but subsequent vendor analysis determined that these products are not affected. The advisory was revised several times; the 2026-02-25 update removed this CVE from the affected-products list and clarified the scope of impact.
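The following is an added illustration of the bug class described above, not code from the btrfs source or from the upstream fix. It models, in userspace C, a transaction-start routine that can fail and a later code path that dereferences state which only exists once the start succeeded. All names (txn_start, prepare_buggy, prepare_fixed, commit_path, struct ctl) are hypothetical, the forced failure stands in for fault injection or memory-allocation failure, and the explicit NULL check in commit_path stands in for the kernel oops so the program can run to completion.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Linux-style error pointers: an errno value encoded in the pointer itself.
 * Kernel helpers that start a transaction report failure this way, not by
 * returning NULL, so a bare "if (!p)" check does not catch the failure. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p) {
    return (unsigned long)p >= (unsigned long)-MAX_ERRNO;
}

struct txn { unsigned long id; };          /* hypothetical transaction handle */

struct ctl {
    struct txn *trans;   /* set only once a transaction has started */
    int active;          /* "control registered" flag seen by later paths */
};

static int force_fail;   /* constructed fault injection: 1 => txn_start() fails */

/* Hypothetical transaction start: returns a handle or an ERR_PTR. */
static struct txn *txn_start(void) {
    if (force_fail)
        return ERR_PTR(-ENOMEM);
    struct txn *t = calloc(1, sizeof *t);
    if (!t)
        return ERR_PTR(-ENOMEM);
    t->id = 42;
    return t;
}

/* Vulnerable pattern: the control is registered before the transaction
 * exists and is not unregistered on the failure path, so a later path sees
 * ctl->active set while ctl->trans is still NULL. */
static int prepare_buggy(struct ctl *c) {
    c->active = 1;
    struct txn *t = txn_start();
    if (IS_ERR(t))
        return (int)PTR_ERR(t);      /* BUG: c->active left set, c->trans NULL */
    c->trans = t;
    return 0;
}

/* Hardened pattern: unwind the registration when the start fails. */
static int prepare_fixed(struct ctl *c) {
    c->active = 1;
    struct txn *t = txn_start();
    if (IS_ERR(t)) {
        c->active = 0;               /* undo the registration on failure */
        return (int)PTR_ERR(t);
    }
    c->trans = t;
    return 0;
}

/* Later path that consumes transaction state whenever the control is active.
 * Returns the transaction id, 0 when there is nothing to do, or -1 where the
 * kernel would have dereferenced NULL (the oops, kept non-fatal here). */
static long commit_path(const struct ctl *c) {
    if (!c->active)
        return 0;
    if (!c->trans)
        return -1;
    return (long)c->trans->id;
}

/* Drive one scenario: use_fixed selects the hardened prepare, fail forces
 * the transaction start to fail. Returns what commit_path() observed. */
static long run(int use_fixed, int fail) {
    struct ctl c = { .trans = NULL, .active = 0 };
    force_fail = fail;
    int ret = use_fixed ? prepare_fixed(&c) : prepare_buggy(&c);
    (void)ret;                       /* error was reported; commit still runs */
    long r = commit_path(&c);
    free(c.trans);                   /* free(NULL) is a no-op */
    return r;
}

int main(void) {
    printf("buggy, start fails: %ld (NULL dereference)\n", run(0, 1));
    printf("fixed, start fails: %ld (commit skipped)\n", run(1, 1));
    printf("fixed, start ok:    %ld\n", run(1, 0));
    return 0;
}
```

The point for reviewers of error paths is twofold: failure of a transaction start is reported as an ERR_PTR, so it must be tested with IS_ERR rather than a NULL comparison, and any state registered before the start (here the active flag) has to be unwound on that path, because unrelated later code treats the registration as proof that the transaction exists.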

Defensive priority

low

Recommended defensive actions

  • Verify btrfs filesystem usage in Linux kernel deployments
  • Apply kernel updates from distribution maintainers when available
  • Review Siemens ProductCERT SSA-355557 for definitive product impact statements
  • Monitor CISA ICS advisories for updates on industrial control system component vulnerabilities

Evidence notes

The source advisory ICSA-25-226-07 was published by CISA on 2025-08-12 and last modified on 2026-02-25. The advisory underwent multiple revisions; the most significant, on 2026-02-25, clarified the affected configuration for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and removed multiple CVEs as rejected. The threat category in the source is marked as Misinformed for products CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003, meaning the vendor now states those products were never affected.

Official resources

2025-08-12