PatchSiren

CVE-2024-49877 Siemens CVE debrief

CVE-2024-49877 is a NULL pointer dereference vulnerability in the Linux kernel's OCFS2 (Oracle Cluster File System 2) filesystem. The flaw occurs during cleanup operations when the OCFS2_BH_READAHEAD flag is not set: ocfs2_set_buffer_uptodate() may be called while the buffer head (bh) is NULL and dereference it. The vulnerability was originally published on August 12, 2025, and was modified on February 25, 2026.

The issue affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. Notably, CISA's advisory marks this CVE as 'Misinformed' in the impact assessment, which suggests that the vulnerability may not be exploitable in the affected Siemens products as initially reported, or that the impact was otherwise mischaracterized. The advisory underwent multiple revisions, with the February 2026 updates correcting affected product listings and clarifying configurations. Organizations should verify their specific product configurations against Siemens' official security advisory SSA-355557 to determine actual exposure.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Industrial control system operators using Siemens RUGGEDCOM RST2428P or SCALANCE X-family switches; security teams managing OT/ICS environments with SINEC OS deployments; kernel maintainers and Linux distribution security teams tracking OCFS2 filesystem vulnerabilities

Technical summary

The vulnerability exists in the OCFS2 filesystem implementation within the Linux kernel. During cleanup operations, if the OCFS2_BH_READAHEAD flag is not present in the flags field, the code may proceed to call ocfs2_set_buffer_uptodate() with a NULL buffer head pointer, resulting in a NULL pointer dereference. This is a classic defensive programming issue where insufficient validation of pointer state before dereferencing leads to potential kernel panic or denial of service. The vulnerability affects Siemens industrial networking equipment running SINEC OS that incorporates the vulnerable kernel component. The 'Misinformed' classification in CISA's advisory suggests that either the vulnerability is not exploitable in the specific Siemens product context, or the initial impact assessment was incorrect.

Defensive priority

medium

Recommended defensive actions

  • Verify SINEC OS version and configuration against Siemens SSA-355557 security advisory to confirm exposure
  • Review OCFS2 filesystem usage in affected industrial control system environments
  • Apply kernel updates from Siemens ProductCERT when available for affected RUGGEDCOM and SCALANCE devices
  • Monitor CISA ICS advisories for additional guidance on ICS-CERT ICSA-25-226-07
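
For the OCFS2 usage review above, one way to check a general-purpose Linux host is to classify it from its procfs text. This is an added example, not code from Siemens or the advisory; it assumes shell access and a standard procfs, which the switches' management interface may not offer. The function name, the level labels and the sample data are constructed for illustration.

```python
"""Classify a Linux host's OCFS2 exposure from procfs text (added example)."""
from pathlib import Path


def ocfs2_exposure(mounts: str, filesystems: str, modules: str) -> dict:
    """Return mount points, driver state and an exposure level for OCFS2."""
    # /proc/mounts: device, mount point, fs type, options, dump, pass.
    # Compare the type field exactly so a path containing "ocfs2" is not counted.
    mounted = [f[1] for f in map(str.split, mounts.splitlines())
               if len(f) >= 3 and f[2] == "ocfs2"]
    # /proc/filesystems: optional "nodev" column, then the type name.
    # ocfs2_dlmfs is a separate helper filesystem, so match the whole name.
    registered = any(line.split()[-1:] == ["ocfs2"]
                     for line in filesystems.splitlines())
    # /proc/modules: module name is the first field; a built-in driver
    # does not appear here but still shows up in /proc/filesystems.
    loaded = any(line.split()[:1] == ["ocfs2"] for line in modules.splitlines())
    if mounted:
        level = "in-use"        # an OCFS2 volume is mounted
    elif registered or loaded:
        level = "available"     # driver present, nothing mounted
    else:
        level = "absent"        # not registered now; may still load on demand
    return {"level": level, "mounted": mounted,
            "registered": registered, "loaded": loaded}


# Constructed sample input (not taken from any real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/ocfs2-backup ext4 rw,relatime 0 0
/dev/sdc1 /cluster ocfs2 rw,relatime 0 0
"""
SAMPLE_FILESYSTEMS = "nodev\tproc\n\text4\nnodev\tocfs2_dlmfs\n\tocfs2\n"
SAMPLE_MODULES = "ocfs2 1234567 1 - Live 0x0000000000000000\n"

if __name__ == "__main__":
    # On a live host, read the real procfs files instead of the samples.
    read = lambda p: Path(p).read_text() if Path(p).exists() else ""
    print(ocfs2_exposure(read("/proc/mounts"), read("/proc/filesystems"),
                         read("/proc/modules")))
```

A result of "absent" only means the driver is not registered at the moment; whether the running kernel contains the fix still has to be confirmed against the vendor's advisory.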

Evidence notes

Source indicates 'Misinformed' impact classification for affected Siemens products; multiple advisory revisions corrected product scope

Official resources

2025-08-12