PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-49997 Siemens CVE debrief

A memory disclosure vulnerability exists in the Linux kernel's Lantiq ETOP Ethernet driver (lantiq_etop). When padding Ethernet frames to meet minimum size requirements, the driver fails to zero the buffer before transmission, causing uninitialized kernel memory to be observable on the network wire. This affects Siemens industrial networking products that incorporate vulnerable kernel versions, including RUGGEDCOM RST2428P and SCALANCE switch families. The vulnerability requires local access with low privileges and has a CVSS 3.1 score of 5.5 (MEDIUM). The upstream fix replaces manual padding with skb_put_padto(), which properly zeroes expanded buffers. Siemens has released firmware updates to address this issue.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens industrial networking equipment in OT/ICS environments, particularly those using RUGGEDCOM RST2428P or SCALANCE switch families; security teams responsible for Linux kernel security in embedded industrial systems; and network administrators managing segmented industrial control networks.

Technical summary

The lantiq_etop Ethernet driver in the Linux kernel fails to zero buffer memory when applying software padding to Ethernet frames. The Ethernet MACs on the Amazon-SE and Danube platforms lack hardware padding support, so the driver pads short frames in software, and the unzeroed padding puts uninitialized kernel memory contents onto the network. The vulnerability is resolved by using skb_put_padto(), which properly zeroes expanded buffers. Affected Siemens products include RUGGEDCOM RST2428P (6GK6242-6PA00), the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family of industrial switches.
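A simplified user-space model of the padding flaw and its correction, added here as an illustration; it is not the lantiq_etop driver's code. The struct, the function names and the 0xAA "stale memory" fill are constructed for the example, and the zeroing routine models only the guarantee the summary attributes to skb_put_padto().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ZLEN 60 /* minimum Ethernet frame length, FCS excluded */

/* Constructed stand-in for a transmit buffer: len bytes are frame data,
 * the remainder holds whatever was in memory before. */
struct txbuf { uint8_t data[128]; size_t len; };

/* Flawed pattern: only the transmit length is raised, pad bytes untouched. */
static size_t pad_len_only(const struct txbuf *b)
{
    return b->len < ETH_ZLEN ? ETH_ZLEN : b->len;
}

/* Corrected pattern: bytes added to reach the minimum length are zeroed. */
static size_t pad_zeroed(struct txbuf *b)
{
    if (b->len < ETH_ZLEN) {
        memset(b->data + b->len, 0, ETH_ZLEN - b->len);
        b->len = ETH_ZLEN;
    }
    return b->len;
}

/* Count nonzero bytes in the padding region [payload, wire). */
static size_t nonzero_pad(const uint8_t *f, size_t payload, size_t wire)
{
    size_t n = 0;
    for (size_t i = payload; i < wire; i++)
        n += (f[i] != 0);
    return n;
}

/* Pad a constructed 42-byte frame and return how many stale bytes go out. */
static size_t leaked_bytes(int use_fix)
{
    struct txbuf b;
    memset(b.data, 0xAA, sizeof b.data); /* constructed prior memory contents */
    memset(b.data, 0x11, 42);            /* constructed frame contents */
    b.len = 42;
    size_t wire = use_fix ? pad_zeroed(&b) : pad_len_only(&b);
    return nonzero_pad(b.data, 42, wire);
}

int main(void)
{
    printf("manual: %zu stale, zeroed: %zu stale\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

The same nonzero_pad() check can be applied to captured minimum-size frames from a device under test to confirm that patched firmware emits zeroed padding.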

Defensive priority

medium

Recommended defensive actions

  • Apply vendor firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update availability
  • Segment industrial control networks from enterprise and internet networks per CISA ICS recommended practices
  • Monitor network traffic for anomalous patterns that may indicate attempted exploitation
  • Review and implement defense-in-depth strategies for industrial control systems

Evidence notes

The vulnerability was disclosed in the Linux kernel's lantiq_etop Ethernet driver (net: ethernet: lantiq_etop). The issue occurs because Ethernet MACs on Amazon-SE and Danube platforms cannot perform hardware padding, requiring software padding that was not properly zeroing buffers. Siemens ProductCERT advisory SSA-355557 and CISA advisory ICSA-25-226-07 document affected products. The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates a local attack vector with low attack complexity and low privileges required. As scored, it carries high availability impact and no confidentiality or integrity impact, though the actual memory disclosure represents a confidentiality concern.

Official resources

2025-08-12