PatchSiren cyber security CVE debrief
CVE-2024-50008 Siemens CVE debrief
CVE-2024-50008 is a vulnerability in the Linux kernel's mwifiex wireless driver, specifically in the `mwifiex_cmd_802_11_scan_ext()` function. The issue is a `memcpy()` field-spanning write warning caused by the use of a one-element array in `struct host_cmd_ds_802_11_scan_ext` as a variable-length trailing buffer. The fix replaces that one-element array with a flexible-array member so that the destination's bound is no longer misdeclared. This CVE was published on August 12, 2025, and last modified on February 25, 2026. The vulnerability is classified as 'Misinformed' in the CISA CSAF advisory, meaning it was initially thought to affect certain products but was later determined not to apply to them. Siemens ProductCERT SSA-355557 and CISA ICSA-25-226-07 document this assessment for Siemens industrial networking products, including RUGGEDCOM RST2428P and the SCALANCE families. No CVSS score or severity is currently assigned. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and no known ransomware campaign use has been reported.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations running Siemens industrial networking equipment (RUGGEDCOM RST2428P, SCALANCE XC/XR/XCM/XRM/XCH/XRH families) should verify their asset inventory against this advisory. Linux kernel maintainers and developers working with the mwifiex driver should note the code pattern correction. Security teams in OT/ICS environments should monitor this advisory for any classification changes, though no immediate action is required based on current 'Misinformed' status.
Technical summary
This CVE addresses a `memcpy()` field-spanning write warning in the Linux kernel's mwifiex wireless driver function `mwifiex_cmd_802_11_scan_ext()`. The root cause was a one-element array in `struct host_cmd_ds_802_11_scan_ext` that served as a variable-length trailing buffer; it has been replaced with a flexible-array member. With a one-element array the compiler can only see a single byte as the destination, so a `memcpy()` of a full payload into it looks like a write that spans past the declared field, which is what the kernel's field-spanning write check reports. A flexible-array member carries no declared bound, so the copy is sized by the allocation rather than by the struct definition; the on-the-wire layout is unchanged. The vulnerability was initially considered for Siemens industrial networking products but has been classified as 'Misinformed' in CISA advisory ICSA-25-226-07, indicating these products are not actually affected. The advisory covers RUGGEDCOM RST2428P (6GK6242-6PA00), the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family products.
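As an added illustration, not code from the kernel or the advisory, the two layouts side by side using a constructed stand-in rather than the real `host_cmd_ds_802_11_scan_ext` definition: the one-element-array idiom the warning flags, the flexible-array form the fix moves to, and a builder that sizes the copy from the allocation. The struct names, field names and sample TLV bytes are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the pre-fix layout (not the kernel's definition):
 * a one-element array used as a variable-length tail. The compiler sees
 * tlv_buffer as 1 byte, so copying a whole payload into it is a
 * field-spanning write. */
struct scan_ext_old {
    uint32_t reserved;
    uint8_t  tlv_buffer[1];
} __attribute__((packed));

/* Flexible-array form, the shape the fix moves to: no declared bound, the
 * size of the tail comes from the allocation instead of the struct. */
struct scan_ext_new {
    uint32_t reserved;
    uint8_t  tlv_buffer[];
} __attribute__((packed));

/* Bytes needed for a tlv_len payload; the old idiom must subtract its placeholder byte. */
size_t old_alloc_size(size_t tlv_len) { return sizeof(struct scan_ext_old) - 1 + tlv_len; }
size_t new_alloc_size(size_t tlv_len) { return sizeof(struct scan_ext_new) + tlv_len; }

/* Bytes the compiler can prove belong to the old destination field. */
size_t old_declared_tail(void) { return sizeof(((struct scan_ext_old *)0)->tlv_buffer); }

/* Build a command with the flexible-array layout. Caller frees. Returns NULL
 * on size overflow or allocation failure; *out_size receives the total length. */
struct scan_ext_new *scan_ext_build(const uint8_t *tlv, size_t tlv_len, size_t *out_size)
{
    if (tlv_len > SIZE_MAX - sizeof(struct scan_ext_new))
        return NULL;
    struct scan_ext_new *cmd = calloc(1, new_alloc_size(tlv_len));
    if (!cmd)
        return NULL;
    memcpy(cmd->tlv_buffer, tlv, tlv_len); /* destination is exactly the allocated tail */
    if (out_size)
        *out_size = new_alloc_size(tlv_len);
    return cmd;
}

/* Self-check: both layouts need the same bytes on the wire, payload lands intact. Returns 1 on success. */
int scan_ext_selftest(void)
{
    static const uint8_t tlv[] = {0x01, 0x00, 0x02, 0xAB, 0xCD}; /* constructed sample TLV */
    size_t total = 0;
    struct scan_ext_new *cmd = scan_ext_build(tlv, sizeof tlv, &total);
    int ok = cmd && total == old_alloc_size(sizeof tlv)
             && memcmp(cmd->tlv_buffer, tlv, sizeof tlv) == 0 && old_declared_tail() == 1;
    free(cmd);
    return ok;
}
```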
Defensive priority
low
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 to confirm product-specific impact assessment
- Verify that affected Siemens products (RUGGEDCOM RST2428P, SCALANCE families) are running current firmware versions
- Apply standard defense-in-depth practices for industrial control systems per CISA guidance
- Monitor CISA ICS advisories for any future updates to this vulnerability's status
- No specific patching action required for Siemens products based on current 'Misinformed' classification
Evidence notes
The CISA CSAF advisory ICSA-25-226-07 explicitly marks this CVE with threat category 'impact' and details 'Misinformed' for products CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The advisory's revision history shows multiple updates, with the February 25, 2026 republication based on Siemens ProductCERT SSA-355557. The vulnerability description indicates a code quality issue in the Linux kernel mwifiex driver that was resolved by converting a one-element array to a flexible-array member, a common pattern for addressing potential buffer handling issues.
Official resources
- CVE-2024-50008 CVE record (CVE.org)
- CVE-2024-50008 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12