PatchSiren cyber security CVE debrief
CVE-2024-50015 Siemens CVE debrief
CVE-2024-50015 is a medium-severity vulnerability in the ext4 filesystem's Direct Access (DAX) implementation that can cause extent overflows beyond inode size during partial write operations. The vulnerability was published on August 12, 2025, and affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and XCM-/XRM-/XCH-/XRH-300 family switches. The issue stems from improper handling of extent boundaries when performing partial writes in DAX mode, potentially leading to availability impacts. Siemens has provided vendor fixes, with updates to version 3.2 or later recommended for affected products. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog, and no known ransomware campaign use has been reported.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P ruggedized switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH family managed switches. System administrators responsible for SINEC OS-based devices in industrial control system environments, particularly those in critical infrastructure sectors where network availability is essential. Security teams monitoring OT/ICS asset inventories for third-party Linux kernel component vulnerabilities.
Technical summary
The vulnerability exists in the ext4 filesystem's Direct Access (DAX) path where partial write operations can cause extent structures to overflow beyond the allocated inode size. DAX allows applications to directly access persistent memory without page cache involvement, but improper bounds checking during extent manipulation can lead to out-of-bounds conditions. The CVSS 3.1 score of 5.5 reflects a local attack vector with low complexity and privileges required, resulting in high availability impact but no confidentiality or integrity impact. This suggests the vulnerability can be triggered by a local authenticated user to cause denial-of-service conditions through filesystem corruption or system instability.
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens RUGGEDCOM RST2428P devices to version 3.2 or later
- Update affected SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to version 3.2 or later
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult vendor documentation for specific configuration guidance and apply version 3.2 or later
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
- Monitor Siemens ProductCERT advisory SSA-355557 for additional updates
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, requiring low privileges, with high availability impact. Remediation guidance specifies version 3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family; SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family has additional configuration guidance per Section Additional Information.
Official resources
-
CVE-2024-50015 CVE record
CVE.org
-
CVE-2024-50015 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12