PatchSiren


CVE-2024-50024 Siemens CVE debrief

CVE-2024-50024 is a medium-severity vulnerability (CVSS v3.1 base score 5.5) affecting Siemens industrial networking products running SINEC OS: the RUGGEDCOM RST2428P, the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family. It is described as an unsafe loop on a list in the networking (net) component and originates in third-party components of SINEC OS. The record was published on August 12, 2025 and last modified on February 25, 2026; the source is CISA advisory ICSA-25-226-07, a republication of Siemens ProductCERT advisory SSA-355557.

A local attacker with low privileges can trigger a denial of service (availability impact: high); there is no confidentiality or integrity impact. The attack vector is local, attack complexity is low and no user interaction is required, so the realistic precondition is an existing low-privileged account on the device itself, not network reachability alone.

Siemens has provided vendor fixes: affected products should be updated to version 3.2 or later. For the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family the advisory also gives additional configuration guidance. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog, and no use in ransomware campaigns has been reported.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed (per stored evidence)
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly in critical infrastructure sectors such as energy, manufacturing, and transportation. Security teams responsible for OT/ICS environments, network administrators managing RUGGEDCOM and SCALANCE devices, and compliance officers tracking CVE remediation for industrial control systems should prioritize this update.

Technical summary

The vulnerability exists in the networking stack (net component) of SINEC OS, where an unsafe loop on a list can be triggered by a local attacker with low privileges. The advisory does not describe the faulty loop beyond that title; the availability-only impact is consistent with a crash of the device's operating system rather than with data exposure or modification. The CVSS v3.1 base score of 5.5 reflects local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U) and high availability impact with no confidentiality or integrity impact (C:N/I:N/A:H). Three product families are affected: RUGGEDCOM RST2428P (6GK6242-6PA00), the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family. Siemens has released firmware version 3.2, which fixes the issue; any later version also contains the fix. The CISA advisory was initially published on August 12, 2025, with updates in February 2026 that corrected the affected product listings and clarified configurations.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to version 3.2 or later on affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
  • Review Siemens SSA-355557 for the additional configuration guidance that applies to the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, in addition to updating to version 3.2 or later
  • Because the attack vector is local, restrict and audit local accounts on the affected devices; keep management access behind network segmentation so that only authorised operators can reach a device at all
  • Follow CISA ICS recommended practices for defense-in-depth strategies
  • Monitor Siemens ProductCERT and CISA ICS advisories for further updates, since the affected-product list for this advisory has already been corrected once
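The first two actions reduce to a question per device: is the installed SINEC OS at or above V3.2, and does the device belong to the family that also needs the configuration review? The following is an added example, not code from Siemens or CISA. The inventory rows are constructed for the example; the family labels and the V3.2 threshold come from the advisory text, and the action strings, function names and the inventory format are this example's own assumptions. It also shows why firmware versions must be compared numerically rather than as strings.

```python
"""Triage an inventory against the CVE-2024-50024 fix threshold (V3.2).

Added example, not part of the CISA or Siemens advisories. The inventory
format below is assumed; real exports will need their own field mapping.
"""
import re

FIXED_VERSION = (3, 2)  # "update to V3.2 or later" per the advisory

# Family label as used in the advisory -> whether it also carries the
# additional configuration guidance from SSA-355557.
AFFECTED_FAMILIES = {
    "RUGGEDCOM RST2428P": False,
    "SCALANCE XCM-/XRM-/XCH-/XRH-300": False,
    "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500": True,
}

UPDATE_ACTION = "update to V3.2 or later"
CONFIG_ACTION = "review configuration guidance in SSA-355557"

# Constructed sample inventory (hostnames and versions are invented).
INVENTORY = [
    {"host": "sw-sub1-01", "family": "RUGGEDCOM RST2428P", "firmware": "V3.1.2"},
    {"host": "sw-sub1-02", "family": "RUGGEDCOM RST2428P", "firmware": "V3.2"},
    {"host": "sw-line-07", "family": "SCALANCE XCM-/XRM-/XCH-/XRH-300", "firmware": "V3.10"},
    {"host": "sw-ring-03", "family": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500", "firmware": "V3.2.1"},
    {"host": "sw-ring-04", "family": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500", "firmware": "V2.4"},
    {"host": "fw-dmz-01", "family": "Other vendor", "firmware": "7.1"},
]


def parse_version(text: str) -> tuple:
    """Turn 'V3.1.2' / '3.10' into an integer tuple for ordered comparison."""
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_fixed(firmware: str) -> bool:
    """True when the firmware is V3.2 or later.

    Tuple comparison handles the cases string comparison gets wrong:
    (3, 10) > (3, 2), and (3, 2, 1) >= (3, 2).
    """
    return parse_version(firmware) >= FIXED_VERSION


def naive_string_is_fixed(firmware: str) -> bool:
    """The pitfall: lexicographic comparison says 'V3.10' is older than 'V3.2'."""
    return firmware.lstrip("Vv") >= "3.2"


def triage(inventory: list) -> dict:
    """Return {host: [actions]} for every affected device that needs work."""
    findings = {}
    for row in inventory:
        needs_config_review = AFFECTED_FAMILIES.get(row["family"])
        if needs_config_review is None:
            continue  # not an affected family
        actions = []
        if not is_fixed(row["firmware"]):
            actions.append(UPDATE_ACTION)
        if needs_config_review:
            actions.append(CONFIG_ACTION)
        if actions:
            findings[row["host"]] = actions
    return findings


if __name__ == "__main__":
    for host, actions in triage(INVENTORY).items():
        print(host, "->", "; ".join(actions))
```

Run against the sample inventory, sw-line-07 (V3.10) is correctly left alone, while the naive string comparison would have marked it for an update; sw-ring-03 is already at V3.2.1 but still surfaces for the configuration review because of its family.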

Evidence notes

CVE published 2025-08-12; modified 2026-02-25. Source: CISA CSAF advisory ICSA-25-226-07, republished from Siemens SSA-355557. Affected products confirmed via the CSAF product tree: RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family. CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (recomputed from the vector, this yields 5.5, matching the stated score). Remediation: update to V3.2 or later.

Official resources

CISA advisory ICSA-25-226-07 and Siemens ProductCERT advisory SSA-355557, both published 2025-08-12.