PatchSiren cyber security CVE debrief
CVE-2024-49963 Siemens CVE debrief
A vulnerability in the Broadcom BCM2835 mailbox driver affects Siemens industrial networking products running SINEC OS. The flaw causes a timeout during system suspend mode, potentially leading to denial of service conditions. The vulnerability requires local access with low privileges and has been assigned a CVSS 3.1 score of 5.5 (Medium severity). Siemens has released firmware updates to address this issue in affected RUGGEDCOM and SCALANCE product families.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH industrial Ethernet switches in critical infrastructure environments, particularly those in energy, manufacturing, and transportation sectors where device availability is essential for operational continuity.
Technical summary
The vulnerability exists in the BCM2835 mailbox driver, a Linux kernel component for Broadcom VideoCore communication. During system suspend operations, the driver experiences a timeout condition that can cause system instability or denial of service. The flaw is triggered when the system attempts to enter suspend mode while mailbox operations are pending. Affected Siemens products incorporate this vulnerable kernel component through their SINEC OS firmware. The attack requires authenticated local access with low privileges, limiting exploitation to scenarios where an attacker already has foothold access to the device. No confidentiality or integrity impacts are associated with this vulnerability; only availability is affected.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
- Implement physical access controls to limit local access to affected industrial control systems
- Monitor for anomalous system behavior during suspend/resume operations
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Modified 2026-02-25. Affects Siemens RUGGEDCOM RST2428P and SCALANCE XC/XR/XCM/XRM/XCH/XRH families running SINEC OS. CVSS vector confirms local attack vector with availability impact.
Official resources
- CVE-2024-49963 CVE record (CVE.org)
- CVE-2024-49963 NVD detail (NVD)
- Source item URL: cisa_csaf