PatchSiren cyber security CVE debrief
CVE-2024-49881 Siemens CVE debrief
A vulnerability in the Linux kernel's ext4 filesystem implementation, specifically within the ext4_find_extent() function, has been identified and resolved. The issue involves improper handling of the orig_path variable, which could lead to system instability or denial of service conditions. This vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel components, including the RUGGEDCOM RST2428P and SCALANCE switch families. The vulnerability is classified as MEDIUM severity with a CVSS 3.1 score of 5.5, requiring local access and low privileges to exploit, with a high impact on availability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
System administrators managing Siemens industrial networking infrastructure, OT security teams responsible for RUGGEDCOM and SCALANCE device fleets, and organizations operating industrial control systems where local user access to the devices is required should prioritize this vulnerability for remediation.
Technical summary
CVE-2024-49881 is a vulnerability in the Linux kernel's ext4 filesystem implementation, specifically in the ext4_find_extent() function where the orig_path variable was not properly updated. This flaw could result in denial of service conditions due to system instability. The vulnerability requires local access and low privileges to exploit, with no confidentiality or integrity impact but high availability impact. Affected products include Siemens RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. The vulnerability was resolved through a kernel patch that properly updates orig_path in ext4_find_extent(). Siemens has released firmware version V3.2 or later to address this issue in affected products.
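The bug class behind this CVE is an out-parameter that goes stale: the upstream kernel fix describes ext4_find_extent() freeing a path that is too shallow for the extent tree, clearing *orig_path, and then not writing the newly allocated path back, so a caller that keeps using its own pointer afterwards holds a NULL or stale value. The following C program is an added illustration of that pattern, not code from this page, the kernel, or Siemens: the toy_path type, find_extent_buggy, find_extent_fixed and the caller_sees_current_path driver are all constructed for the example and only mimic the shape of the real function.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for a per-level lookup path (constructed for this example;
 * not the kernel's struct ext4_ext_path). */
struct toy_path {
    int capacity;   /* number of level slots in 'levels' */
    int *levels;    /* one entry per tree level, depth + 1 of them */
};

static struct toy_path *toy_path_alloc(int depth)
{
    struct toy_path *p = calloc(1, sizeof(*p));
    if (!p)
        return NULL;
    p->levels = calloc((size_t)depth + 1, sizeof(int));
    if (!p->levels) {
        free(p);
        return NULL;
    }
    p->capacity = depth + 1;
    return p;
}

static void toy_path_free(struct toy_path *p)
{
    if (!p)
        return;
    free(p->levels);
    free(p);
}

/* Buggy shape: a too-shallow caller path is freed and the caller's pointer
 * cleared, a larger path is allocated and returned, but the new pointer is
 * never written back through 'orig'. The caller's own variable stays NULL. */
static struct toy_path *find_extent_buggy(int tree_depth, struct toy_path **orig)
{
    struct toy_path *path = orig ? *orig : NULL;

    if (path && path->capacity < tree_depth + 1) {
        toy_path_free(path);
        *orig = NULL;
        path = NULL;
    }
    if (!path) {
        path = toy_path_alloc(tree_depth);
        if (!path)
            return NULL;
        /* BUG: *orig is still NULL here. */
    }
    for (int i = 0; i <= tree_depth; i++)
        path->levels[i] = i;   /* stand-in for the per-level lookup */
    return path;
}

/* Fixed shape: every successful return also updates the caller's pointer;
 * an allocation failure leaves it NULL rather than dangling. */
static struct toy_path *find_extent_fixed(int tree_depth, struct toy_path **orig)
{
    struct toy_path *path = orig ? *orig : NULL;

    if (path && path->capacity < tree_depth + 1) {
        toy_path_free(path);
        *orig = NULL;
        path = NULL;
    }
    if (!path) {
        path = toy_path_alloc(tree_depth);
        if (!path)
            return NULL;
    }
    for (int i = 0; i <= tree_depth; i++)
        path->levels[i] = i;
    if (orig)
        *orig = path;          /* the fix: caller sees the (possibly new) path */
    return path;
}

/* Simulates a caller that keeps its own 'path' variable across the call.
 * Returns 1 when that variable matches the returned path, 0 when the
 * function left it stale, -1 on setup failure. */
static int caller_sees_current_path(struct toy_path *(*find)(int, struct toy_path **),
                                    int initial_depth, int tree_depth)
{
    struct toy_path *path = toy_path_alloc(initial_depth);
    struct toy_path *ret;
    int consistent;

    if (!path)
        return -1;
    ret = find(tree_depth, &path);
    consistent = (ret != NULL && path == ret);
    toy_path_free(ret);        /* 'ret' is the live object in both shapes */
    return consistent;
}

int main(void)
{
    printf("buggy, path large enough: %d\n", caller_sees_current_path(find_extent_buggy, 3, 1));
    printf("buggy, path reallocated:  %d\n", caller_sees_current_path(find_extent_buggy, 1, 3));
    printf("fixed, path reallocated:  %d\n", caller_sees_current_path(find_extent_fixed, 1, 3));
    return 0;
}
```

The buggy shape only misbehaves when the path has to be reallocated, which is why such defects survive ordinary testing: a caller whose initial path is already deep enough sees a consistent pointer in both versions. The defensive lesson for reviewers is that any helper taking a `T **` it may free must update that pointer on every exit, success or failure.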
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected Siemens RUGGEDCOM RST2428P and SCALANCE switch families
- Review Siemens ProductCERT advisory SSA-355557 for specific product configuration guidance
- Implement network segmentation for industrial control systems to limit local access vectors
- Monitor for anomalous filesystem operations on affected devices
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description indicates a resolution in the Linux kernel's ext4_find_extent() function related to updating orig_path. The CISA CSAF advisory ICSA-25-226-07, published 2025-08-12 and last modified 2026-02-25, identifies affected Siemens products. The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack vector with availability impact. Remediation guidance specifies updates to V3.2 or later for affected products.
Official resources
- CVE-2024-49881 CVE record (CVE.org)
- CVE-2024-49881 NVD detail (NVD)
- Source item URL: cisa_csaf
2025-08-12