PatchSiren cyber security CVE debrief

CVE-2024-49952 Siemens CVE debrief

A race condition in the Linux kernel's netfilter nf_tables subsystem could corrupt nf_skb_duplicated, the per-CPU flag that the kernel's packet-duplication paths use to detect re-entry. The issue affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X family switches. The vulnerability has been resolved in the upstream Linux kernel, and Siemens has released firmware updates for the affected products.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE X family industrial Ethernet switches in critical infrastructure environments, including manufacturing, energy, transportation, and utilities. System administrators responsible for SINEC OS-based network infrastructure should prioritize the firmware updates. Security teams monitoring OT/ICS environments should also track this issue, since it is a Linux kernel network-stack vulnerability carried into embedded switch firmware rather than a flaw in a Siemens-specific component.

Technical summary

This vulnerability exists in the Linux kernel's netfilter nf_tables subsystem, which provides packet filtering and network address translation. The issue is a race condition (CWE-362 per the source references) that can corrupt nf_skb_duplicated, a per-CPU flag the packet-duplication code sets while it emits a cloned packet so that a clone re-entering the same hook is not duplicated again. If that flag is read and written from a context that is not protected against being interrupted or rescheduled, the set and the clear can land in different contexts and the guard no longer reflects reality. The vulnerability was resolved in the upstream Linux kernel. Siemens industrial networking products built on the affected kernel versions are impacted, including RUGGEDCOM RST2428P switches and multiple SCALANCE X family product lines. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates that an attacker needs low-privileged local code execution on the device, that the attack is of low complexity, and that the impact is to availability only: no confidentiality or integrity impact is claimed.
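The following is an added, constructed model of the bug class described above, not code from the Linux kernel or from Siemens. It reproduces the shape of a per-CPU re-entrancy guard such as nf_skb_duplicated on a simulated two-CPU machine: a task sets "this CPU's" flag, reaches a point where it can be rescheduled, and clears the flag on whatever CPU it resumes on. The names (bh_disable, might_resched, run_dup_attempts, guard_stuck), the two-CPU migration scenario and the choice to pin the section with a bh_disable()/bh_enable() pair are assumptions made for illustration; the page does not quote the upstream patch, so the protected branch shows the general remedy for this class, not the kernel's exact diff.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed model, not kernel code: a netfilter-style "duplicate this
 * packet" action guarded by a per-CPU re-entrancy flag (the role that
 * nf_skb_duplicated plays in the kernel's dup paths). The flag stops a
 * cloned packet that re-enters the same hook from being cloned again.
 * The hazard shown is the CWE-362 race: the flag is read and written on
 * "this CPU" from a context that may be preempted and migrated, so the
 * clear lands on a different CPU than the set.
 */

#define NCPU 2

static bool skb_duplicated[NCPU];  /* per-CPU guard, one slot per CPU */
static int  cur_cpu;               /* CPU the current task runs on */
static int  preempt_count;         /* >0 means preemption is disabled */

/* Stand-ins for local_bh_disable()/local_bh_enable(): while the count is
 * raised the task cannot be rescheduled or moved to another CPU. */
static void bh_disable(void) { preempt_count++; }
static void bh_enable(void)  { preempt_count--; }

/* Preemption point (e.g. while the clone is being queued for transmit).
 * With preemption enabled the scheduler may resume the task elsewhere. */
static void might_resched(void)
{
    if (preempt_count == 0)
        cur_cpu = (cur_cpu + 1) % NCPU;   /* assumed worst case: migrate */
}

/* One dup request. Returns true if a clone was actually emitted. */
static bool dup_packet(bool protect)
{
    bool emitted = false;

    if (protect)
        bh_disable();

    if (!skb_duplicated[cur_cpu]) {          /* guard read on CPU A */
        skb_duplicated[cur_cpu] = true;      /* set on CPU A */
        might_resched();                     /* task may land on CPU B */
        emitted = true;                      /* clone goes out here */
        skb_duplicated[cur_cpu] = false;     /* clear on CPU B if migrated */
    }

    if (protect)
        bh_enable();
    return emitted;
}

/* Issue `attempts` dup requests, each from a fresh task starting on CPU 0.
 * Returns how many of them produced a clone. */
int run_dup_attempts(int attempts, bool protect)
{
    int i, emitted = 0;

    for (i = 0; i < NCPU; i++)
        skb_duplicated[i] = false;
    preempt_count = 0;

    for (i = 0; i < attempts; i++) {
        cur_cpu = 0;
        if (dup_packet(protect))
            emitted++;
    }
    return emitted;
}

/* True if a CPU's guard is left set after all work has finished: from then
 * on every dup request on that CPU is silently skipped, and the CPU whose
 * flag was cleared instead has lost its loop protection. */
bool guard_stuck(int cpu)
{
    return skb_duplicated[cpu];
}

int main(void)
{
    int n = run_dup_attempts(8, false);
    printf("unprotected: %d/8 clones emitted, cpu0 guard stuck=%d\n",
           n, guard_stuck(0));
    n = run_dup_attempts(8, true);
    printf("protected:   %d/8 clones emitted, cpu0 guard stuck=%d\n",
           n, guard_stuck(0));
    return 0;
}
```

In the unprotected run only the first request emits a clone: it migrates mid-section, clears CPU 1's flag instead of its own, and leaves CPU 0's guard set, so every later request on CPU 0 is skipped. With the section pinned to its CPU all eight requests succeed and no guard is left behind. The model shows why a per-CPU variable is only safe to touch from a context that cannot be rescheduled for the duration of the access, which is the property the upstream fix restores.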

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates: update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to firmware V3.2 or later. For the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult the 'Additional Information' section of the Siemens security advisory for product-specific configuration guidance and update instructions.
  • Implement network segmentation for industrial control systems to limit exposure of affected devices.
  • Because the attack vector is local, network traffic alone will not reveal exploitation; instead restrict and log local and management-plane access to affected switches, and alert on unexpected device restarts or loss of forwarding, which is the availability impact the CVSS vector describes.
  • Review and apply CISA's ICS recommended practices for defense-in-depth strategies.

Evidence notes

CVE published 2025-08-12 per the official CVE record; modified 2026-02-25. Source: CISA CSAF advisory ICSA-25-226-07, a republication of Siemens ProductCERT SSA-355557. CVSS 5.5 (MEDIUM) per source. CWE-362 (Race Condition) per the source references.

Official resources

2025-08-12