PatchSiren cyber security CVE debrief

CVE-2024-49977 Siemens CVE debrief

A divide-by-zero vulnerability exists in the Linux kernel's stmmac (Synopsys DesignWare Ethernet MAC) driver. When tc-cbs (Traffic Control Credit Based Shaper) is disabled, the `port_transmit_rate_kbps` variable can be set to 0 and is then passed to the `div_s64` function as the divisor, causing a divide-by-zero error. The attack vector is local and requires low privileges and low attack complexity; the result is a high availability impact. The vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE switch families.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

  • Organizations operating Siemens industrial networking equipment, particularly in critical infrastructure sectors (energy, manufacturing, transportation)
  • System administrators managing RUGGEDCOM and SCALANCE switch deployments
  • OT security teams responsible for industrial control system hardening and patch management
  • Network engineers configuring traffic control policies on affected devices

Technical summary

The vulnerability exists in the stmmac (Synopsys DesignWare Ethernet MAC) driver within the Linux kernel networking subsystem. The `port_transmit_rate_kbps` parameter, used for rate limiting calculations, can be set to 0 when tc-cbs (Traffic Control Credit Based Shaper) is disabled. This value is subsequently used as the divisor in a `div_s64` call without validation, triggering a divide-by-zero error. The flaw is a CWE-20 (Improper Input Validation) weakness. Affected Siemens products include RUGGEDCOM RST2428P (6GK6242-6PA00), the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family running SINEC OS. The vulnerability was initially published on 2025-08-12 and last modified on 2026-02-25, with the final update reflecting CISA republication based on the Siemens ProductCERT advisory.
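The missing validation described above, modelled in user-space C as an added example; it is not the kernel's or Siemens' code. `div_s64` here is a stand-in shaped like the kernel helper, and the function names `cbs_scale_unguarded` and `cbs_scale_checked`, the `SCALE` constant and the sample rates are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-in shaped like the kernel's div_s64() helper. A zero
 * divisor is undefined behaviour in C and traps on common CPUs. */
static int64_t div_s64(int64_t dividend, int32_t divisor)
{
    return dividend / divisor;
}

#define SCALE 1024LL /* constructed scaling constant, illustration only */

/* Unguarded form: port_transmit_rate_kbps goes straight into the divisor,
 * so a disable request that leaves it at 0 faults inside div_s64(). */
static int64_t cbs_scale_unguarded(int32_t port_transmit_rate_kbps,
                                   int64_t idleslope_kbps)
{
    return div_s64(idleslope_kbps * SCALE, port_transmit_rate_kbps);
}

/* Guarded form (hypothetical): handle "tc-cbs disabled" before any rate
 * arithmetic, and reject a non-positive rate on the enable path. */
static int cbs_scale_checked(int enable, int32_t port_transmit_rate_kbps,
                             int64_t idleslope_kbps, int64_t *out)
{
    if (!enable) {
        *out = 0;       /* nothing to shape, so nothing to divide */
        return 0;
    }
    if (port_transmit_rate_kbps <= 0)
        return -EINVAL; /* validate the divisor before using it */
    *out = div_s64(idleslope_kbps * SCALE, port_transmit_rate_kbps);
    return 0;
}

int main(void)
{
    int64_t v = -1;
    /* Constructed inputs: 1 Gbit/s port, 20 Mbit/s idle slope. */
    printf("valid rate, unguarded: %lld\n",
           (long long)cbs_scale_unguarded(1000000, 20000));
    int rc = cbs_scale_checked(0, 0, 20000, &v);
    printf("disable, rate 0: rc=%d value=%lld\n", rc, (long long)v);
    rc = cbs_scale_checked(1, 0, 20000, &v);
    printf("enable, rate 0:  rc=%d (-EINVAL)\n", rc);
    return 0;
}
```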

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
  • Implement network segmentation to limit local access to affected industrial switches
  • Monitor for unexpected system crashes or reboots on affected devices that could indicate exploitation attempts
  • Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems

Evidence notes

The vulnerability is documented in CISA advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms a local attack vector with high availability impact. The issue stems from insufficient input validation in the stmmac driver's rate limiting code path when tc-cbs is not enabled.

Official resources

2025-08-12