PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-49883 Siemens CVE debrief

CVE-2024-49883 is a use-after-free vulnerability in the Linux ext4 filesystem, specifically within the ext4_ext_insert_extent() function. The flaw occurs when ext4_ext_create_new_leaf() reallocates a path structure but the caller continues to use the stale path pointer, leading to memory corruption. This vulnerability has been identified as affecting Siemens industrial networking products that incorporate vulnerable Linux kernel versions, including the RUGGEDCOM RST2428P and the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. Exploitation requires local access with low privileges, and successful exploitation results in high availability impact (system crash or denial of service) with no confidentiality or integrity impact. Siemens has released firmware updates to address this issue; firmware version V3.2 or later contains the fix. The CVE was initially published on August 12, 2025, and the advisory was subsequently updated on February 25, 2026, to reflect corrections to the affected product listings and additional clarifications.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family industrial Ethernet switches in operational technology (OT) environments. System administrators responsible for firmware lifecycle management in industrial control systems. Security teams monitoring for local privilege escalation or denial-of-service vectors in embedded Linux systems.

Technical summary

The vulnerability exists in the ext4 filesystem implementation, where ext4_ext_insert_extent() fails to properly handle path reallocation by ext4_ext_create_new_leaf(). When the path structure is reallocated, the original pointer becomes stale yet continues to be dereferenced, resulting in a use-after-free condition. This memory safety defect can be triggered by local users with low privileges and leads to kernel crashes or denial-of-service conditions. The CVSS 3.1 score of 5.5 (MEDIUM) reflects the local attack vector and high availability impact with no confidentiality or integrity consequences.
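The stale-pointer pattern described above, reduced to a user-space model as an added example (this is not kernel code and not Siemens' or the ext4 maintainers' code). A small quarantine list records freed addresses so that a use of freed memory is reported instead of silently corrupting memory, roughly what KASAN does in a kernel build; the names grow_path and insert_extent_* are invented stand-ins for the ext4 functions named in the debrief.

```c
/* Added example, not kernel code: models the stale-path bug behind
 * CVE-2024-49883.  Freed addresses go into a quarantine list so a use of
 * freed memory is detected rather than silently corrupting memory.
 * grow_path / insert_extent_* are invented stand-ins for the ext4 names. */
#include <stdlib.h>
#include <string.h>

#define MAX_FREED 16
struct ext_path { int depth; int extents[8]; };

static void *freed[MAX_FREED]; static int nfreed;   /* freed, not yet reused */

static int is_freed(const void *p) {
    for (int i = 0; i < nfreed; i++)
        if (freed[i] == p) return 1;
    return 0;
}

/* Stand-in for ext4_ext_create_new_leaf(): the path no longer fits, so a
 * new one is allocated, the old one freed, and the NEW pointer returned. */
static struct ext_path *grow_path(struct ext_path *old) {
    struct ext_path *np = malloc(sizeof *np);
    if (!np) return NULL;
    for (int i = 0; i < nfreed; i++)          /* a reused address is live again */
        if (freed[i] == np) freed[i] = freed[--nfreed];
    memcpy(np, old, sizeof *np);
    np->depth = old->depth + 1;
    if (nfreed < MAX_FREED) freed[nfreed++] = old;
    free(old);
    return np;
}

/* Buggy pattern: keep using `path` after grow_path() replaced it.
 * Returns -1 when the stale pointer is about to be dereferenced. */
static int insert_extent_buggy(struct ext_path *path, int ext) {
    struct ext_path *np = grow_path(path);    /* result ignored: the bug */
    if (is_freed(path)) { free(np); return -1; }   /* KASAN would report here */
    path->extents[path->depth] = ext;         /* the real UAF; never reached */
    return 0;
}

/* Fixed pattern: take the refreshed pointer back and update the caller's
 * copy before touching the path.  Returns the depth written, or -1. */
static int insert_extent_fixed(struct ext_path **pathp, int ext) {
    struct ext_path *np = grow_path(*pathp);
    if (!np) return -1;
    *pathp = np;                              /* caller's pointer is refreshed */
    np->extents[np->depth] = ext;
    return np->depth;
}
```

The buggy variant returns -1 on every call because the pointer it holds is always in the quarantine after grow_path(); the fixed variant writes through the refreshed pointer and reports the new depth.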

Defensive priority

Medium

Recommended defensive actions

  • Update affected Siemens RUGGEDCOM RST2428P and SCALANCE devices to firmware version V3.2 or later
  • Review Siemens ProductCERT advisory SSA-355557 for specific configuration guidance regarding SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices
  • Apply defense-in-depth strategies for industrial control systems as recommended by CISA
  • Monitor for anomalous local activity on affected devices that could indicate exploitation attempts
  • Validate firmware integrity after updates through vendor-provided checksums or signatures

Evidence notes

Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS vector confirms local attack vector with low attack complexity and low privileges required. Affected products identified through CSAF product tree with high confidence. Remediation guidance specifies firmware version V3.2 or later as the vendor fix.

Official resources

Siemens ProductCERT advisory SSA-355557; CISA CSAF advisory ICSA-25-226-07 (published 2025-08-12).