PatchSiren cyber security CVE debrief
CVE-2024-49983 Siemens CVE debrief
This CVE addresses a double-free vulnerability in the Linux ext4 filesystem, specifically within the ext4_ext_replay_update_ex() function. The flaw occurs when ext4_force_split_extent_at() is called: the 'ppath' variable is updated, but the original 'path' variable is freed instead, creating conditions for a double-free memory corruption. This vulnerability has been identified as affecting Siemens industrial networking products that incorporate the vulnerable Linux kernel component.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family industrial networking equipment in operational technology (OT) environments, and system administrators responsible for firmware maintenance of Siemens industrial Ethernet switches and ruggedized networking infrastructure.
Technical summary
The vulnerability exists in the ext4 filesystem's extent handling code. During journal replay operations (ext4_ext_replay_update_ex), when extent splitting is forced via ext4_force_split_extent_at(), the code mismanages the path pointers: 'ppath' receives the updated pointer, while the original 'path' is the one that gets freed. This pointer confusion can lead to use-after-free or double-free conditions, potentially causing kernel crashes or memory corruption. The CVSS score of 5.5 (MEDIUM) reflects the local attack vector requirement and high availability impact with no confidentiality or integrity impact.
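The pointer confusion described above, reduced to a userspace C model (an added example, not the kernel source or vendor code). The names `ext_path`, `force_split`, `replay_buggy` and `replay_fixed` are hypothetical, and the model assumes the callee releases the old path when it stores a new one.

```c
/* Userspace model of the stale-pointer pattern; not kernel code.
 * Releases are counted instead of passed to free(), so a double
 * release can be observed without corrupting the heap. */
#include <stdio.h>

struct ext_path { int releases; };   /* stand-in for an extent path */
static struct ext_path pool[4];      /* constructed object pool */
static int used;

static struct ext_path *path_alloc(void) { return &pool[used++]; }
static void path_release(struct ext_path *p) { p->releases++; }
static void reset(void) { used = 0; for (int i = 0; i < 4; i++) pool[i].releases = 0; }

/* Hypothetical callee: assumed to release the old path and store a new one. */
static void force_split(struct ext_path **ppath)
{
    path_release(*ppath);
    *ppath = path_alloc();
}

/* Buggy shape: 'ppath' is updated, but the original 'path' is released. */
int replay_buggy(void)
{
    reset();
    struct ext_path *path = path_alloc();
    struct ext_path *ppath = path;
    force_split(&ppath);             /* ppath now points at the new object */
    path_release(path);              /* original object released a second time */
    return pool[0].releases;         /* release count of the original object */
}

/* Corrected shape: one variable, so the caller releases the live object. */
int replay_fixed(void)
{
    reset();
    struct ext_path *path = path_alloc();
    force_split(&path);              /* path itself is updated by the callee */
    path_release(path);              /* new object released exactly once */
    return pool[0].releases;         /* release count of the original object */
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", replay_buggy(), replay_fixed());
    return 0;
}
```

In the buggy shape the replacement object is also never released, so the same mistake produces a leak alongside the double release.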
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens support documentation for specific configuration guidance
- Implement network segmentation for industrial control systems to limit local access prerequisites
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor Siemens ProductCERT advisories for additional affected product clarifications
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which was republished on 2026-02-25 based on Siemens ProductCERT SSA-355557. The advisory underwent multiple revisions, with significant updates on 2026-02-12 (correcting affected products list), 2026-02-24 (clarifying SCALANCE family configurations and removing rejected CVEs), and 2026-02-25 (CISA republication). The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates a local attack vector with low complexity that requires low privileges and results in high availability impact only.
Official resources
- CVE-2024-49983 CVE record (CVE.org)
- CVE-2024-49983 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12