PatchSiren cyber security CVE debrief

CVE-2024-49971 Siemens CVE debrief

This CVE describes a buffer overrun vulnerability in the AMD Display Core (DC) driver within the Linux kernel's Direct Rendering Manager (DRM) subsystem. Specifically, functions `dml2_core_shared_mode_support` and `dml_core_mode_support` access the third element of `dummy_boolean` (e.g., `hw_debug5 = &s->dummy_boolean`), and any assignment through this pointer would cause an OVERRUN condition. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products that incorporate third-party components, including the RUGGEDCOM RST2428P and SCALANCE X family switches running SINEC OS. However, the source advisory marks the impact as 'Misinformed,' suggesting the actual risk to these products may differ from the initial CVE description. No CVSS score or severity is currently assigned. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and there is no indication of known ransomware campaign use.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly RUGGEDCOM and SCALANCE X series switches running SINEC OS. OT security teams managing critical infrastructure networks, ICS/SCADA system administrators, and compliance officers responsible for industrial cybersecurity frameworks should monitor this advisory for vendor clarification on actual product impact and available remediation.

Technical summary

CVE-2024-49971 is a buffer overrun vulnerability in the AMD Display Core (DC) driver's Display Mode Library (DML) component within the Linux kernel. The flaw exists in `dml2_core_shared_mode_support` and `dml_core_mode_support` functions, which improperly access the third element of the `dummy_boolean` array (e.g., `hw_debug5 = &s->dummy_boolean`). Assignments through this pointer result in an out-of-bounds write condition. This vulnerability affects Siemens industrial networking products running SINEC OS that incorporate the vulnerable Linux kernel components, including RUGGEDCOM RST2428P and select SCALANCE X family switches. The CISA advisory marks impact as 'Misinformed,' suggesting the actual security relevance to Siemens products may require further vendor clarification.

Defensive priority

medium

Recommended defensive actions

Review Siemens ProductCERT advisory SSA-355557 for current product-specific impact assessment and patch availability
Verify SINEC OS version and installed third-party component versions on affected Siemens networking equipment
Apply vendor-provided firmware updates when available per Siemens' security advisory guidance
Implement network segmentation for industrial control systems per CISA ICS recommended practices
Monitor CISA ICS advisories for updates to ICSA-25-226-07

Evidence notes

The vulnerability description originates from the Linux kernel AMD display driver code. Siemens ProductCERT advisory SSA-355557 (referenced in CISA ICSA-25-226-07) identifies this CVE as affecting SINEC OS-based products including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches. The CISA advisory revision history shows multiple updates, with the most recent on 2026-02-25 republicating based on Siemens' updated advisory. Notably, the 'threats' section in the source CSAF data categorizes impact as 'Misinformed' for affected product IDs, indicating potential discrepancy between the CVE's technical description and actual product impact.

Official resources

2025-08-12