PatchSiren cyber security CVE debrief

CVE-2024-49948 Siemens CVE debrief

CVE-2024-49948 is a vulnerability in the Linux kernel's network queueing discipline (qdisc) subsystem. It was resolved by adding further sanity checks to qdisc_pkt_len_init(), the function that estimates the wire length of an outgoing packet before it is handed to a qdisc. For GSO packets whose offload metadata comes from an untrusted source, a claimed header length larger than the packet's actual length underflows the estimate and yields a wrapped, nonsensical packet length; the fix rejects such packets before the segment count is recomputed. The practical impact is denial of service: the CVSS 3.1 score is 5.5 (MEDIUM), with a local attack vector, low privileges required, no user interaction, and a High availability impact but no confidentiality or integrity impact. Siemens has confirmed that the vulnerability affects multiple industrial networking product families running SINEC OS, including RUGGEDCOM RST2428P, the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family. CISA published advisory ICSA-25-226-07 on August 12, 2025, with subsequent updates through February 25, 2026, to refine the affected product listings and incorporate corrections from Siemens ProductCERT. Organizations operating affected Siemens industrial networking equipment should schedule firmware updates to version 3.2 or later where available and follow the defense-in-depth practices for industrial control systems recommended by CISA.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: 5.5 MEDIUM
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM RST2428P or SCALANCE XC/XR/XCM/XRM/XCH/XRH series switches in critical infrastructure, manufacturing, or utility environments. Security teams responsible for OT/ICS asset management and vulnerability remediation should include this update in their patch cycle. Because the attack vector is local, exposure is highest on devices where users or processes other than trusted administrators can execute code on the switch itself.

Technical summary

CVE-2024-49948 is a vulnerability in the Linux kernel's network queueing discipline (qdisc) subsystem, specifically within the qdisc_pkt_len_init() function. That function records skb->len as the packet's queued length and, for GSO packets, adds the header bytes of every additional segment so that rate-limiting qdiscs account for what will actually go on the wire. When the GSO metadata is flagged as untrusted (SKB_GSO_DODGY, set for packets that arrive from sources such as tun/tap or virtio_net), the segment count is recomputed from skb->len minus the parsed header length. Before the fix, nothing checked that the header length was smaller than skb->len, so a packet whose transport header claims more bytes than the buffer holds produced an unsigned underflow and a wrapped length estimate. The fix adds sanity checks that abandon the estimate for such packets. The issue affects Siemens industrial networking products running SINEC OS, including RUGGEDCOM RST2428P switches and multiple SCALANCE product families. Exploitation requires local access with low privileges and results in a High availability impact only. Siemens has released firmware version 3.2 or later to address this issue across the affected product lines.
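The following is an added example, not code from this page, from Siemens, or verbatim kernel source: a small userspace model of the length estimate described above, with the pre-fix and post-fix logic side by side. The struct and function names are the example's own; the field types mirror the kernel's (unsigned int lengths, 16-bit gso_size and gso_segs) because the defect is unsigned wraparound, and the fix is modelled on the upstream change, which returns early from the SKB_GSO_DODGY path when skb->len minus the header length is not positive. The sample packets are constructed for illustration.

```c
/* Userspace model of the GSO wire-length estimate in the kernel's
 * qdisc_pkt_len_init() (net/core/dev.c). Added example; not the page's code
 * and not a copy of kernel source. The checks that the kernel performs
 * before this point (gso_size set, transport header set) are assumed. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))

/* The skb / skb_shared_info fields the estimate depends on. */
struct gso_pkt {
    unsigned int len;      /* skb->len: bytes actually held in the buffer */
    unsigned int hdr_len;  /* mac + network + transport header bytes, parsed from the buffer */
    uint16_t gso_size;     /* shinfo->gso_size: payload bytes per segment */
    uint16_t gso_segs;     /* shinfo->gso_segs as supplied with the packet */
    bool dodgy;            /* SKB_GSO_DODGY: offload metadata came from an untrusted source */
};

/* Estimate before the fix: the dodgy path recomputes gso_segs from
 * len - hdr_len and silently assumes hdr_len < len. */
unsigned int pkt_len_before_fix(const struct gso_pkt *p)
{
    unsigned int pkt_len = p->len;
    uint16_t gso_segs = p->gso_segs;

    if (p->gso_size) {
        if (p->dodgy)
            /* unsigned underflow when hdr_len > len; result truncated to 16 bits */
            gso_segs = DIV_ROUND_UP(p->len - p->hdr_len, p->gso_size);
        /* with gso_segs == 0, (gso_segs - 1) is -1 and converts to UINT_MAX */
        pkt_len += (gso_segs - 1) * p->hdr_len;
    }
    return pkt_len;
}

/* Estimate after the fix: an untrusted packet whose claimed headers do not
 * fit in the buffer keeps pkt_len == len instead of a wrapped value.
 * Upstream expresses the check as a signed payload that must be > 0;
 * the unsigned comparison below is the portable equivalent. */
unsigned int pkt_len_after_fix(const struct gso_pkt *p)
{
    unsigned int pkt_len = p->len;
    uint16_t gso_segs = p->gso_segs;

    if (p->gso_size) {
        if (p->dodgy) {
            if (p->hdr_len >= p->len)   /* malicious or malformed: no payload */
                return pkt_len;
            gso_segs = DIV_ROUND_UP(p->len - p->hdr_len, p->gso_size);
        }
        pkt_len += (gso_segs - 1) * p->hdr_len;
    }
    return pkt_len;
}

/* Constructed well-formed case: 3000-byte TCP GSO packet with
 * 14 + 20 + 20 header bytes and a 1400-byte MSS. */
static const struct gso_pkt good = {
    .len = 3000, .hdr_len = 54, .gso_size = 1400, .gso_segs = 3, .dodgy = true
};

/* Constructed malicious case: a 54-byte buffer whose TCP header claims
 * doff = 15 (60 bytes), so hdr_len = 14 + 20 + 60 = 94 exceeds len. */
static const struct gso_pkt bad = {
    .len = 54, .hdr_len = 94, .gso_size = 1400, .gso_segs = 1, .dodgy = true
};

int main(void)
{
    printf("good: before=%u after=%u\n",
           pkt_len_before_fix(&good), pkt_len_after_fix(&good));
    printf("bad:  before=%u after=%u\n",
           pkt_len_before_fix(&bad), pkt_len_after_fix(&bad));
    return 0;
}
```

For the well-formed packet both versions agree (3000 + 2 * 54 = 3108 bytes). For the malicious packet the pre-fix arithmetic wraps: the underflowed payload makes DIV_ROUND_UP wrap to a segment count of 0, (0 - 1) becomes UINT_MAX, and the 54-byte packet is accounted as roughly 4 GiB, which is the kind of bogus input a rate-limiting qdisc downstream was never written to handle. The fixed version keeps the estimate at 54.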

Defensive priority

medium

Recommended defensive actions

  • Update affected Siemens RUGGEDCOM RST2428P devices to firmware version 3.2 or later
  • Update affected SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to firmware version 3.2 or later
  • Apply the vendor fix and the accompanying configuration guidance for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices
  • Implement network segmentation for industrial control systems per CISA recommended practices, so that affected switches are reachable only from trusted management networks
  • Until devices are patched, restrict local and management-plane access to trusted administrators, since the CVSS vector (AV:L, PR:L) requires low-privileged access to the device itself rather than network adjacency

Evidence notes

The CVE description indicates resolution via sanity checks in qdisc_pkt_len_init(). Siemens ProductCERT SSA-355557 and CISA ICSA-25-226-07 confirm the affected products. The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates a local, low-privilege requirement with High availability impact and no confidentiality or integrity impact. Remediation guidance specifies a firmware update to V3.2 or later for RUGGEDCOM RST2428P and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family; the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family has a vendor fix plus additional configuration guidance.

Official resources

2025-08-12