PatchSiren cyber security CVE debrief
CVE-2024-49878 Siemens CVE debrief
A vulnerability in the Linux kernel's CXL (Compute Express Link) memory driver affects Siemens industrial networking products running SINEC OS. The flaw stems from improper resource hierarchy handling in drivers/dax/kmem.c, where add_memory_driver_managed() creates a nested resource structure during CXL memory onlining. This causes region_intersects() to fail when locating System RAM resources, as it expects these resources at the top level of iomem_resource rather than as descendants of CXL Window resources. The vulnerability can lead to denial of service conditions on affected systems. Siemens has released firmware updates to address this issue in affected RUGGEDCOM and SCALANCE product families.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family industrial networking devices in critical infrastructure environments, particularly those utilizing CXL memory expansion capabilities.
Technical summary
The vulnerability exists in the Linux kernel's DAX kmem driver (drivers/dax/kmem.c), which is used when onlining CXL memory. The function add_memory_driver_managed() creates a resource hierarchy where 'System RAM (kmem)' becomes a child of 'CXL Window X' rather than a direct child of iomem_resource. This violates assumptions in region_intersects(), which expects all System RAM resources to be at the top level of the resource tree. The mismatch can cause memory region intersection checks to fail, potentially leading to system instability or denial of service. The flaw is classified as CWE-20 (Improper Input Validation) and carries a CVSS 3.1 score of 5.5 (Medium severity) with local attack vector, low attack complexity, and high availability impact.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update instructions
- Implement network segmentation for industrial control systems to limit exposure of affected devices
- Monitor Siemens ProductCERT security advisories for additional updates or clarifications
- Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
Evidence notes
Vulnerability description and affected product information sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS 3.1 vector confirms local attack vector with low attack complexity and high availability impact.
Official resources
-
CVE-2024-49878 CVE record
CVE.org
-
CVE-2024-49878 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public