PatchSiren cyber security CVE debrief

CVE-2024-49959 Siemens CVE debrief

A vulnerability in the Linux kernel's jbd2 (journaling block device 2) subsystem affects Siemens industrial networking products. The flaw occurs in __jbd2_log_wait_for_space(), where the function may continue waiting for journal space even when jbd2_cleanup_journal_tail() returns an error, potentially leading to a denial-of-service condition. This is a local vulnerability requiring low privileges with no user interaction, resulting in high availability impact. The affected products include Siemens RUGGEDCOM RST2428P and SCALANCE networking device families running SINEC OS. Siemens has released updates to address this vulnerability.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial networking devices; critical infrastructure operators using SINEC OS-based systems; OT security teams managing Siemens industrial Ethernet switches; and asset owners following CISA ICS security guidance.

Technical summary

The vulnerability exists in the Linux kernel's jbd2 journaling subsystem. In __jbd2_log_wait_for_space(), when jbd2_cleanup_journal_tail() fails to recover journal space and returns an error, the function may keep waiting for space instead of treating the error as a reason to stop; because the journal cannot free space after such a failure, the waiting task never makes progress. This can result in a local denial-of-service condition. The flaw is classified under CWE-20 (Improper Input Validation). The vulnerability requires local access with low privileges and no user interaction, and affects availability only, with no confidentiality or integrity impact. Siemens has addressed this through SINEC OS updates incorporating the upstream kernel fix.
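To make the failure mode concrete, the following is an added user-space model (not kernel source, and not code from Siemens or this advisory) of the pattern described above: a wait loop that treats only an exact zero from the cleanup step as "space recovered", so a negative error return is mistaken for "still busy" and the loop never exits, beside the corrected loop that stops on any non-positive result. The function names, the return-code convention and the constructed cleanup stubs are assumptions made for the model, and the iteration cap stands in for what is an unbounded wait in the kernel.

```c
#include <stddef.h>

/* Assumed return convention for the modelled cleanup step:
 *   0  -> a checkpoint freed journal space
 *   >0 -> nothing freed yet; the caller should wait and retry
 *   <0 -> error; the journal has been aborted and will never free space */
typedef int (*cleanup_fn)(void *ctx, int attempt);

#define MAX_WAIT_ITERS 1000   /* stands in for an unbounded kernel wait */

/* Buggy pattern: only rc == 0 is recognised as "done". An error (rc < 0)
 * takes the same path as "busy", so the caller keeps waiting on a journal
 * that cannot recover. Returns iterations used, or -1 if the cap is hit. */
static int wait_for_space_buggy(cleanup_fn cleanup, void *ctx)
{
    for (int iters = 1; iters <= MAX_WAIT_ITERS; iters++) {
        int rc = cleanup(ctx, iters);
        if (rc == 0)
            return iters;        /* space recovered */
        /* rc != 0: wait and retry, even when rc is an error */
    }
    return -1;                   /* never completed: denial of service */
}

/* Fixed pattern: rc <= 0 means "stop waiting", either because space was
 * recovered or because the cleanup failed and the journal was aborted.
 * The error code is handed back so the caller can fail the request. */
static int wait_for_space_fixed(cleanup_fn cleanup, void *ctx, int *err_out)
{
    *err_out = 0;
    for (int iters = 1; iters <= MAX_WAIT_ITERS; iters++) {
        int rc = cleanup(ctx, iters);
        if (rc <= 0) {
            *err_out = rc;       /* 0 on success, negative on abort */
            return iters;
        }
    }
    return -1;
}

/* Constructed stub: busy twice, then a permanent error (-5, I/O-style). */
static int cleanup_fails_after_two(void *ctx, int attempt)
{
    (void)ctx;
    return attempt < 3 ? 1 : -5;
}

/* Constructed stub: busy once, then space is recovered. */
static int cleanup_succeeds_second(void *ctx, int attempt)
{
    (void)ctx;
    return attempt < 2 ? 1 : 0;
}
```

On the error path the buggy loop exhausts the cap while the fixed loop returns after the third attempt with the error code; on the success path both loops behave identically, which is why the defect is easy to miss in normal operation.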

Defensive priority

Medium

Recommended defensive actions

  • Apply vendor-provided updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT SSA-355557 for specific configuration guidance
  • Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
  • Monitor CISA ICS advisories for additional updates to this advisory
  • Review and apply Siemens security advisories for SINEC OS third-party component updates

Evidence notes

CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Advisory modified 2026-02-25 with republication based on Siemens ProductCERT SSA-355557. CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. CWE-20 (Improper Input Validation) identified. Affected products confirmed through CSAF product tree: RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family.

Official resources

2025-08-12