PatchSiren cyber security CVE debrief
CVE-2024-49958 Siemens CVE debrief
This CVE was published on 2025-08-12 and last modified on 2026-02-25. The vulnerability description indicates an issue in the ocfs2 filesystem related to reserving space for inline extended attributes before attaching a reflink tree. The source advisory (ICSA-25-226-07) from CISA, based on Siemens ProductCERT advisory SSA-355557, lists this CVE as affecting Siemens industrial networking products including RUGGEDCOM RST2428P and SCALANCE families. However, the threat assessment in the source material categorizes the impact as 'Misinformed,' suggesting this CVE may have been incorrectly associated with these products or the impact assessment differs from standard vulnerability characterization. The advisory underwent multiple revisions, with the most recent update on 2026-02-25 clarifying affected product configurations and removing several rejected CVEs from the advisory. No CVSS score or severity is available in the source material. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices should verify whether these products actually implement ocfs2 functionality. Given the 'Misinformed' impact assessment, this CVE may represent a tracking artifact rather than an actionable vulnerability for most Siemens deployments. Industrial control system operators should prioritize confirmed vulnerabilities over this entry pending further vendor clarification.
Technical summary
The vulnerability involves the ocfs2 (Oracle Cluster File System 2) kernel module, specifically a failure to properly reserve space for inline extended attributes before attaching a reflink tree structure. This is a Linux kernel filesystem-level issue. The association with Siemens industrial networking products appears to be through third-party component tracking, though the source advisory's 'Misinformed' impact classification suggests the actual exploitability or relevance to the listed products may be limited or incorrect. No technical details regarding attack vectors, privileges required, or potential impacts beyond the filesystem-level description are available in the source material.
Defensive priority
low
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current product impact assessment
- Verify whether affected Siemens products actually utilize ocfs2 filesystem functionality
- Monitor for updated CVSS scoring from NVD or vendor
- Apply standard ICS defense-in-depth practices per CISA guidance for industrial control systems
Evidence notes
Source advisory ICSA-25-226-07 indicates 'Misinformed' impact assessment for this CVE against listed product IDs. Multiple advisory revisions occurred, with final republication on 2026-02-25 based on Siemens SSA-355557. No CVSS vector or score present in source. Not in KEV.
Official resources
- CVE-2024-49958 CVE record (CVE.org)
- CVE-2024-49958 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12