PatchSiren cyber security CVE debrief
CVE-2024-49965 Siemens CVE debrief
CVE-2024-49965 is a vulnerability in the OCFS2 (Oracle Cluster File System 2) Linux kernel driver, specifically in the ocfs2_read_blocks function. The issue involves an unreasonable unlock operation that could lead to race conditions or improper synchronization. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. However, the CISA advisory marks the impact assessment as 'Misinformed,' suggesting potential discrepancies in the initial vulnerability reporting or applicability to the listed Siemens products. No CVSS score or severity rating is currently available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and there is no indication of known ransomware campaign use. Organizations should consult Siemens ProductCERT advisory SSA-355557 for authoritative product-specific guidance and patch availability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE X-family industrial Ethernet switches; OT security teams managing SINEC OS deployments; Linux kernel maintainers tracking OCFS2 stability fixes; CISOs responsible for industrial control system vulnerability management programs
Technical summary
The vulnerability exists in the OCFS2 (Oracle Cluster File System 2) Linux kernel driver's ocfs2_read_blocks function, where an unreasonable unlock operation could potentially cause race conditions. OCFS2 is a shared-disk cluster filesystem typically used in high-availability Linux server environments, not standard functionality for industrial Ethernet switches. The CVE was included in a Siemens SINEC OS third-party components advisory but marked with 'Misinformed' impact, suggesting the vulnerability may not be exploitable in the listed product contexts or was incorrectly attributed. The patch series reference ('Misc fixes for ocfs2_read_blocks', v5) indicates this was addressed as part of broader OCFS2 stability improvements in the upstream Linux kernel.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for authoritative product-specific impact assessment and patch guidance
- Verify whether affected Siemens products (RUGGEDCOM RST2428P, SCALANCE X-family) are deployed in your environment
- Assess exposure to OCFS2 filesystem functionality, which is atypical for industrial Ethernet switch deployments
- Monitor CISA ICS advisories for updates to the 'Misinformed' impact classification
- Apply defense-in-depth practices for industrial control systems per CISA guidance pending definitive patch availability
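The third action above, assessing whether OCFS2 is actually present, is the one a defender can answer directly on a Linux host. The script below is an added example (not from the Siemens or CISA advisories) that reads the same three procfs files an administrator would check by hand, /proc/filesystems, /proc/modules and /proc/mounts, and grades the host as not present, latent (code registered or loaded but nothing mounted) or exposed (an OCFS2 volume is mounted). The sample file contents and the function names are constructed for the offline demonstration; the script targets general-purpose Linux servers, where OCFS2 is plausible, since the advisory itself notes that OCFS2 is atypical on industrial Ethernet switches and the Siemens ProductCERT advisory remains authoritative for those.

```python
"""Assess whether a Linux host actually exposes OCFS2, the kernel component
named in CVE-2024-49965. Added example, not vendor or CISA code. The three
SAMPLE_* strings are constructed stand-ins for the procfs files; the *_live
function reads the real ones."""
from pathlib import Path

# Constructed sample of /proc/filesystems: one line per registered filesystem,
# "nodev" in the first column marks virtual filesystems (no backing device).
SAMPLE_FILESYSTEMS = """\
nodev\tsysfs
nodev\tproc
\text4
\tocfs2
\txfs
"""

# Constructed sample of /proc/modules: name, size, refcount, users, state, address.
SAMPLE_MODULES = """\
ocfs2 1048576 2 - Live 0xffffffffc0a00000
ocfs2_nodemanager 65536 3 ocfs2, Live 0xffffffffc09f0000
xfs 1769472 1 - Live 0xffffffffc0800000
"""

# Constructed sample of /proc/mounts: device, mountpoint, fstype, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/shared /srv/cluster ocfs2 rw,relatime,_netdev,heartbeat=local 0 0
"""


def registered_filesystems(text: str) -> set[str]:
    """Filesystem names the kernel has registered (built-in or loaded module)."""
    names = set()
    for line in text.splitlines():
        parts = line.split()
        if parts:
            names.add(parts[-1])  # the last column is always the fs name
    return names


def loaded_modules(text: str) -> set[str]:
    """Module names from /proc/modules (first column of each line)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def mounts_of_type(text: str, fstype: str) -> list[str]:
    """Mountpoints whose filesystem type equals fstype."""
    points = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[2] == fstype:
            points.append(parts[1])
    return points


def ocfs2_exposure(filesystems: str, modules: str, mounts: str) -> dict:
    """Combine the three views into one verdict.

    A built-in OCFS2 shows up in /proc/filesystems even with no module loaded,
    so registration and module state are checked independently."""
    registered = "ocfs2" in registered_filesystems(filesystems)
    loaded = {m for m in loaded_modules(modules) if m.startswith("ocfs2")}
    mounted = mounts_of_type(mounts, "ocfs2")
    if mounted:
        verdict = "exposed: OCFS2 volumes are mounted"
    elif registered or loaded:
        verdict = "latent: OCFS2 code is present but no volume is mounted"
    else:
        verdict = "not present: OCFS2 is neither registered nor loaded"
    return {"registered": registered, "modules": sorted(loaded),
            "mounts": mounted, "verdict": verdict}


def ocfs2_exposure_live() -> dict:
    """Run the same assessment against the running host's procfs."""
    def read(path: str) -> str:
        p = Path(path)
        return p.read_text() if p.exists() else ""
    return ocfs2_exposure(read("/proc/filesystems"), read("/proc/modules"),
                          read("/proc/mounts"))


if __name__ == "__main__":
    for key, value in ocfs2_exposure(SAMPLE_FILESYSTEMS, SAMPLE_MODULES,
                                     SAMPLE_MOUNTS).items():
        print(f"{key}: {value}")
```

A "latent" result still matters for patch scheduling: the vulnerable function lives in kernel code that any local user able to mount or trigger OCFS2 block reads could reach, so the kernel version, not just the mount table, decides whether the fix is in place.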
Evidence notes
The source CISA CSAF advisory (ICSA-25-226-07) explicitly marks the impact of this CVE as 'Misinformed' in the threats section, indicating the vulnerability may have been incorrectly attributed or assessed for the listed Siemens products. The CVE description references an OCFS2 kernel patch series for ocfs2_read_blocks, which is a Linux cluster filesystem component not typically exposed in industrial Ethernet switch deployments. The advisory revision history shows multiple updates correcting affected product lists and removing rejected CVEs, suggesting ongoing vetting of vulnerability applicability.
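Because the applicability signal here sits in the CSAF threats section rather than in the CVE record, a team tracking Siemens third-party component advisories benefits from reading that field programmatically. The script below is an added example, not code from CISA, Siemens or PatchSiren: it walks a CSAF 2.0-shaped document (vulnerabilities[].threats[] with category "impact", product_status.known_affected, product_tree.full_product_names), resolves product ids to names, and separates entries whose impact statement carries the vendor's flag word ('Misinformed' in this advisory) from entries that still need patch tracking. The advisory content, product ids and the second CVE id are constructed placeholders; only the CSAF field layout is real.

```python
"""Triage per-CVE 'impact' threat statements in a CSAF 2.0 advisory.
Added example. SAMPLE_CSAF is a constructed document that only mimics the
CSAF 2.0 layout; its product ids and second CVE id are placeholders."""
import json

SAMPLE_CSAF = json.dumps({
    "document": {"title": "CONSTRUCTED third-party component advisory",
                 "tracking": {"id": "EXAMPLE-ID"}},
    "product_tree": {"full_product_names": [
        {"product_id": "PID-1", "name": "RUGGEDCOM RST2428P (6GK6242-6PA00)"},
        {"product_id": "PID-2", "name": "PLACEHOLDER SCALANCE X-family switch"},
    ]},
    "vulnerabilities": [
        {"cve": "CVE-2024-49965",
         "product_status": {"known_affected": ["PID-1", "PID-2"]},
         "threats": [{"category": "impact",
                      "details": "Misinformed: component not reachable on this product"}]},
        {"cve": "CVE-0000-00000",  # placeholder id for a still-open entry
         "product_status": {"known_affected": ["PID-1"]},
         "threats": [{"category": "impact",
                      "details": "Fix available in next release"}]},
    ],
})


def product_names(doc: dict) -> dict[str, str]:
    """Map product_id -> human-readable name from product_tree.full_product_names."""
    return {p["product_id"]: p["name"]
            for p in doc.get("product_tree", {}).get("full_product_names", [])}


def impact_statements(vuln: dict) -> list[str]:
    """The 'details' text of every threat whose category is 'impact'."""
    return [t.get("details", "") for t in vuln.get("threats", [])
            if t.get("category") == "impact"]


def triage(csaf_json: str, flag_word: str = "Misinformed") -> list[dict]:
    """One row per vulnerability: flagged entries need vendor confirmation
    before remediation is scheduled; unflagged ones go into patch tracking."""
    doc = json.loads(csaf_json)
    names = product_names(doc)
    rows = []
    for vuln in doc.get("vulnerabilities", []):
        impacts = impact_statements(vuln)
        flagged = any(flag_word.lower() in s.lower() for s in impacts)
        affected = [names.get(pid, pid)
                    for pid in vuln.get("product_status", {}).get("known_affected", [])]
        rows.append({
            "cve": vuln.get("cve"),
            "flagged": flagged,
            "impact": impacts,
            "affected": affected,
            "action": ("confirm applicability with vendor before scheduling remediation"
                       if flagged else "track patch availability"),
        })
    return rows


def open_items(csaf_json: str) -> list[str]:
    """CVE ids that are not flagged and therefore still need patch tracking."""
    return [r["cve"] for r in triage(csaf_json) if not r["flagged"]]


if __name__ == "__main__":
    for row in triage(SAMPLE_CSAF):
        print(row["cve"], "|", "FLAGGED" if row["flagged"] else "open",
              "|", ", ".join(row["affected"]), "|", row["action"])
```

Because the advisory's revision history shows affected product lists being corrected and rejected CVEs removed, the same triage should be rerun on each new revision rather than on the first copy fetched.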
Official resources
- CVE-2024-49965 CVE record (CVE.org)
- CVE-2024-49965 NVD detail (NVD)
- Source item: CISA CSAF advisory (cisa_csaf)
2025-08-12