PatchSiren cyber security CVE debrief
CVE-2024-49884 Siemens CVE debrief
A slab-use-after-free vulnerability in the Linux kernel's ext4 filesystem, specifically within the ext4_split_extent_at() function, affects Siemens industrial networking products running SINEC OS. The vulnerability was resolved in the upstream Linux kernel and has been addressed in Siemens product updates.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
- Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial networking equipment
- Critical infrastructure operators with SINEC OS deployments
- Industrial control system administrators responsible for maintaining availability of network infrastructure
- Security teams monitoring Linux kernel vulnerabilities in embedded/OT environments
Technical summary
CVE-2024-49884 is a slab-use-after-free vulnerability in the Linux kernel's ext4 filesystem implementation, specifically in the ext4_split_extent_at() function. A use-after-free on a slab-allocated object means a stale pointer keeps referencing memory the allocator has already recycled for another object, so later reads or writes through that pointer operate on unrelated data; the documented consequence here is system instability or denial of service (a kernel crash or hang), not code execution. The vulnerability affects Siemens industrial networking products that ship the vulnerable kernel version, including RUGGEDCOM RST2428P switches and select SCALANCE product families running SINEC OS. The CVSS 3.1 score of 5.5 (MEDIUM) reflects a local attack vector requiring low privileges, with high availability impact but no confidentiality or integrity impact. Siemens has released updates that address this vulnerability; the fixed version differs by product family (see Recommended defensive actions).
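To make the bug class concrete, the following is an added userspace model written for this debrief; it is not ext4 code and not Siemens code. It assumes a toy slab allocator with a LIFO free list (so a freed slot is handed straight to the next allocation, as a real slab cache tends to do), a hypothetical `ext_path` object and a hypothetical callee `insert_extent()` that may free and reallocate that object. The "vulnerable" caller keeps using its original pointer after the callee has freed it; the "fixed" caller adopts the pointer the callee returns. Whether the actual upstream ext4 fix took exactly this shape is not stated on this page; the example shows only why a slab use-after-free surfaces as corrupted state rather than an immediate fault.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy slab: fixed-size slots, LIFO free list.  A freed slot is
 * reused by the very next allocation, which is why a stale pointer ends up
 * reading another object's data.  Not the kernel's SLUB, just the shape. */
#define SLOT_SIZE 64
#define NSLOTS    4
static _Alignas(16) unsigned char slab[NSLOTS][SLOT_SIZE];
static int free_stack[NSLOTS];
static int free_top = -1;

static void slab_init(void)
{
    free_top = -1;
    for (int i = NSLOTS - 1; i >= 0; i--)
        free_stack[++free_top] = i;            /* slot 0 is handed out first */
    memset(slab, 0, sizeof slab);
}

static void *slab_alloc(void)
{
    if (free_top < 0)
        return NULL;
    return slab[free_stack[free_top--]];
}

static void slab_free(void *p)
{
    int idx = (int)(((unsigned char *)p - &slab[0][0]) / SLOT_SIZE);
    memset(p, 0x6b, SLOT_SIZE);                /* poison, like SLAB_POISON */
    free_stack[++free_top] = idx;              /* next alloc gets this slot */
}

/* Hypothetical object standing in for the extent path (assumption). */
struct ext_path {
    uint32_t depth;
    uint32_t first_block;
};

/* Hypothetical callee: when the tree must grow a level it frees the caller's
 * path and returns a new, deeper one.  The contract is "use the returned
 * pointer"; the bug class is a caller that ignores that. */
static struct ext_path *insert_extent(struct ext_path *path, int needs_grow)
{
    if (!needs_grow)
        return path;
    struct ext_path *np = slab_alloc();
    np->depth = path->depth + 1;
    np->first_block = path->first_block;
    slab_free(path);                           /* old path is now dead */
    return np;
}

/* Some unrelated allocation that lands on the recycled slot. */
static void unrelated_alloc_and_fill(void)
{
    uint32_t *other = slab_alloc();
    other[0] = 0xdeadbeef;
    other[1] = 0xdeadbeef;
}

/* Vulnerable pattern: return value dropped, stale pointer reused. */
static uint32_t split_vuln(struct ext_path *path)
{
    (void)insert_extent(path, 1);              /* BUG: path may be freed here */
    unrelated_alloc_and_fill();
    return path->depth;                        /* reads the other object */
}

/* Fixed pattern: adopt the returned pointer before touching the object again. */
static uint32_t split_fixed(struct ext_path *path)
{
    path = insert_extent(path, 1);
    unrelated_alloc_and_fill();
    return path->depth;
}

uint32_t run_vuln(void)
{
    slab_init();
    struct ext_path *p = slab_alloc();
    p->depth = 1; p->first_block = 0;
    return split_vuln(p);                      /* 0xdeadbeef: corrupted read */
}

uint32_t run_fixed(void)
{
    slab_init();
    struct ext_path *p = slab_alloc();
    p->depth = 1; p->first_block = 0;
    return split_fixed(p);                     /* 2: the grown path's depth */
}

int main(void)
{
    printf("vulnerable caller sees depth = 0x%x\n", run_vuln());
    printf("fixed caller sees depth      = %u\n", run_fixed());
    return 0;
}
```

The stale read returns whatever the next owner of the slot wrote, which is why such bugs show up in the field as unexplained ext4 errors, oopses or hangs rather than a clean fault at the offending line; KASAN is what turns it into the "slab-use-after-free" report the CVE title is taken from.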
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family to V3.2 or later version per Siemens guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update instructions
- Implement defense-in-depth strategies for industrial control systems as recommended by CISA
- Until patched, monitor affected devices for unexpected reboots, kernel oops/panic messages or ext4 error reports in their system logs; because the CVSS impact is availability only, a triggered instance of this bug presents as a crash or hang rather than as data loss or exfiltration
- Because the attack vector is local (AV:L) and needs only low privileges (PR:L), restrict local and management access to affected systems (console, shell and local accounts) to authorized personnel only
Evidence notes
The vulnerability description indicates a slab-use-after-free condition in ext4_split_extent_at() that was resolved in the Linux kernel. Siemens ProductCERT advisory SSA-355557 and CISA advisory ICSA-25-226-07 document affected products and remediation guidance. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector with low attack complexity, requiring low privileges, resulting in high availability impact.
Official resources
- CVE-2024-49884 CVE record (CVE.org)
- CVE-2024-49884 NVD detail (NVD)
- Source item: CISA CSAF advisory (ICSA-25-226-07)