CVE-2024-49981 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family industrial networking equipment. Critical infrastructure operators and manufacturing environments relying on these devices for network segmentation and industrial communications should prioritize patching. Security teams responsible for OT/ICS asset management and vulnerability management programs.

Technical summary

The vulnerability exists in the Venus media driver subsystem of the Linux kernel. A race condition during the venus_remove operation can result in use-after-free memory access. This is a local vulnerability requiring low privileges but no user interaction. The primary impact is denial of service (availability) with no confidentiality or integrity impact per the CVSS vector. Affected Siemens products incorporate this vulnerable kernel component in their SINEC OS firmware.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens guidance
• Review SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configuration to confirm affected status
• Implement defense-in-depth controls for industrial control systems per CISA recommended practices
• Monitor for anomalous system behavior or unexpected reboots on affected devices
• Restrict local access to device management interfaces to authorized personnel only

Evidence notes

CISA published advisory ICSA-25-226-07 on 2025-08-12, with subsequent updates through 2026-02-25. The advisory references Siemens ProductCERT SSA-355557. CVSS 3.1 vector confirms local attack vector with availability impact.

Official resources