PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-50013 Siemens CVE debrief

A memory leak vulnerability exists in the Linux kernel's exFAT filesystem implementation, specifically within the exfat_load_bitmap() function. The flaw occurs when the first directory entry in the root directory is not a bitmap directory entry: the 'bh' (buffer head) variable is then reassigned without first being released, which leaks memory. The vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel component. The CVSS 3.1 score of 5.5 (MEDIUM severity) reflects a local attack vector and high availability impact, with no confidentiality or integrity impact. The vulnerability was published on August 12, 2025, with subsequent modifications through February 25, 2026, including corrections to affected product listings and clarifications on product family configurations. Siemens has provided vendor fixes, and updating to version 3.2 or later is recommended for affected RUGGEDCOM and SCALANCE product families.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family products in industrial environments. System administrators responsible for maintaining firmware and kernel updates on industrial control systems. Security teams monitoring for Linux kernel vulnerabilities in embedded and industrial products. Asset owners following CISA ICS advisories for critical infrastructure protection.

Technical summary

The vulnerability exists in the exfat_load_bitmap() function of the Linux kernel's exFAT filesystem driver. When processing a malformed or specially crafted exFAT filesystem where the first directory entry in the root directory is not a bitmap directory entry, the buffer head ('bh') is not properly released before reassignment, causing a memory leak. This is a resource management issue (CWE-20: Improper Input Validation) that can lead to denial of service through memory exhaustion. The attack requires local access and low privileges, with no user interaction needed. The vulnerability affects Siemens industrial networking products running SINEC OS that incorporate the vulnerable kernel component.
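
The leak pattern described above, as an added user-space C model (not kernel source and not code from the advisory): a directory scan fetches a buffer per entry, and the count of buffers still held shows what is lost when the bitmap entry is not first. The entry type codes, the buffer pool and the names get_entry, release and scan_root are constructed for illustration.

```c
#include <stdio.h>

/* Constructed stand-ins for illustration; not the kernel's definitions. */
enum { TYPE_UNUSED = 0, TYPE_OTHER = 1, TYPE_BITMAP = 2 };
#define MAX_ENTRIES 16

struct buf { int type; int held; };   /* models a buffer head for one entry */
static struct buf pool[MAX_ENTRIES];

static struct buf *get_entry(const int *dir, int i)  /* takes a reference */
{
    pool[i].type = dir[i];
    pool[i].held = 1;
    return &pool[i];
}

static void release(struct buf *bh) { if (bh) bh->held = 0; }

/* Scan a root directory for the bitmap entry and return how many buffers
 * are still held afterwards. release_each = 0 models the leak,
 * release_each = 1 releases each buffer before the next one is fetched. */
int scan_root(const int *dir, int n, int release_each)
{
    struct buf *bh = NULL;
    int i, type, leaked = 0;

    if (n > MAX_ENTRIES) n = MAX_ENTRIES;
    for (i = 0; i < MAX_ENTRIES; i++) pool[i].held = 0;
    for (i = 0; i < n; i++) {
        bh = get_entry(dir, i);       /* previous bh pointer is overwritten */
        type = bh->type;
        if (release_each) { release(bh); bh = NULL; }
        if (type == TYPE_UNUSED || type == TYPE_BITMAP)
            break;                    /* end of directory, or bitmap found */
    }
    release(bh);                      /* exit path drops only the last buffer */
    for (i = 0; i < MAX_ENTRIES; i++) leaked += pool[i].held;
    return leaked;
}

int main(void)
{
    const int first[] = { TYPE_BITMAP, TYPE_OTHER, TYPE_UNUSED };
    const int third[] = { TYPE_OTHER, TYPE_OTHER, TYPE_BITMAP, TYPE_UNUSED };
    printf("bitmap first, leak model: %d held\n", scan_root(first, 3, 0));
    printf("bitmap third, leak model: %d held\n", scan_root(third, 4, 0));
    printf("bitmap third, released:   %d held\n", scan_root(third, 4, 1));
    return 0;
}
```

In this model each non-bitmap entry that precedes the bitmap entry costs one unreleased buffer per scan, which is why the effect is memory exhaustion over repeated processing rather than an immediate failure.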

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided updates to version 3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family products per Siemens guidance
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family products, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update instructions
  • Implement defense-in-depth strategies for industrial control systems as recommended by CISA, including network segmentation and access controls
  • Monitor for anomalous memory consumption patterns on affected systems that could indicate exploitation attempts
  • Review and apply CISA ICS recommended practices for securing industrial control system environments

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The affected products include RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. The CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C indicates local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, high availability impact, unproven exploit maturity, official fix remediation level, and confirmed report confidence.
