PatchSiren cyber security CVE debrief
CVE-2024-49896 Siemens CVE debrief
CVE-2024-49896 is a null pointer dereference vulnerability in the AMD display driver subsystem (drm/amd/display). The flaw exists in the dc_is_stream_unchanged function, where a stream pointer could be dereferenced without proper null validation. The vulnerability was addressed by adding a null check for the stream before dereferencing it. This issue affects Siemens industrial networking products that incorporate the vulnerable Linux kernel component, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The vulnerability was initially published on August 12, 2025, with subsequent advisory updates through February 25, 2026, including corrections to affected product listings and clarification of impacted configurations. No CVSS score or severity rating is currently available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE X-family industrial Ethernet switches in critical infrastructure environments, particularly those in manufacturing, energy, and transportation sectors where SINEC OS is deployed for network management.
Technical summary
The vulnerability exists in the dc_is_stream_unchanged function within the AMD display driver (drm/amd/display) in the Linux kernel. The function did not validate that a stream pointer was non-null before dereferencing it, so a null stream could trigger a null pointer dereference. The fix adds an explicit null check for the stream parameter before it is dereferenced. The issue affects Siemens industrial networking equipment running SINEC OS that incorporates the vulnerable kernel component. The advisory history shows that the understanding of affected products evolved considerably, with multiple corrections to the product listings between initial publication and the final update.
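The pattern described above, shown as an added illustration rather than the kernel's own code: a comparison helper that dereferences both stream pointers unconditionally, beside the hardened form that returns "changed" when either pointer is missing. The struct name `demo_stream`, its fields and the function names are hypothetical stand-ins chosen for this example and do not reflect the driver's actual data structures.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a display stream descriptor (constructed for
 * this example; not the driver's struct layout). */
struct demo_stream {
    unsigned int width;
    unsigned int height;
    unsigned int refresh_hz;
    int sink_id;
};

/* "Before" shape of the bug class: both pointers are dereferenced without
 * validation, so a NULL argument crashes the caller. */
static bool stream_unchanged_unchecked(const struct demo_stream *old_stream,
                                       const struct demo_stream *stream)
{
    return old_stream->width == stream->width &&
           old_stream->height == stream->height &&
           old_stream->refresh_hz == stream->refresh_hz &&
           old_stream->sink_id == stream->sink_id;
}

/* "After" shape: a missing stream is reported as changed (false) before
 * either pointer is touched, which is the safe answer for a state-diff
 * helper because it forces the caller down the full reprogramming path. */
static bool stream_unchanged_checked(const struct demo_stream *old_stream,
                                     const struct demo_stream *stream)
{
    if (!old_stream || !stream)
        return false;
    return stream_unchanged_unchecked(old_stream, stream);
}

/* Constructed sample streams for the checks below. */
static const struct demo_stream mode_a = { 1920, 1080, 60, 1 };
static const struct demo_stream mode_a_copy = { 1920, 1080, 60, 1 };
static const struct demo_stream mode_b = { 2560, 1440, 144, 1 };

/* Named scenarios so the outcomes can be asserted on, not just printed. */
bool demo_identical_streams(void)
{
    return stream_unchanged_checked(&mode_a, &mode_a_copy);
}

bool demo_mode_changed(void)
{
    return stream_unchanged_checked(&mode_a, &mode_b);
}

bool demo_old_stream_null(void)
{
    return stream_unchanged_checked(NULL, &mode_a);
}

bool demo_new_stream_null(void)
{
    return stream_unchanged_checked(&mode_a, NULL);
}

bool demo_both_null(void)
{
    return stream_unchanged_checked(NULL, NULL);
}

int main(void)
{
    printf("identical: %d\n", demo_identical_streams());
    printf("mode changed: %d\n", demo_mode_changed());
    printf("old NULL: %d\n", demo_old_stream_null());
    printf("new NULL: %d\n", demo_new_stream_null());
    printf("both NULL: %d\n", demo_both_null());
    return 0;
}
```

Calling the unchecked variant with a NULL argument is undefined behaviour and will fault in a kernel context, which is why the hardened form is the only one exposed to external callers here; the unchecked body survives only as the inner comparison once both pointers are known to be valid.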
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
- Verify kernel version on affected Siemens devices (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family)
- Apply vendor-provided firmware updates when available
- Monitor CISA ICS advisories for additional guidance
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates this is a defensive fix (adding a null check) rather than a vulnerability with evidence of active exploitation. The source advisory (ICSA-25-226-07) underwent multiple revisions, the most significant being the February 25, 2026 republication based on Siemens ProductCERT SSA-355557. The threat category is marked as 'Misinformed' in the source data, suggesting that earlier versions may have confused or overstated the impact.
Official resources
- CVE-2024-49896 CVE record (CVE.org)
- CVE-2024-49896 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12