CVE-2024-50059 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial Ethernet switches in critical infrastructure environments, particularly those in energy, manufacturing, and transportation sectors where these devices are commonly deployed.

Technical summary

The vulnerability exists in the `switchtec_ntb_remove` function of the Switchtec NTB hardware driver. A race condition during device removal can lead to use-after-free memory corruption. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) indicates this requires local access with low privileges but can result in high impact to system integrity and availability. The vulnerability was originally identified in the Linux kernel NTB subsystem and affects Siemens products incorporating the vulnerable component.

Defensive priority

HIGH

Recommended defensive actions

• Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products as specified in Siemens security advisory
• Review and implement CISA ICS recommended practices for defense-in-depth strategies
• Monitor Siemens ProductCERT and CISA ICS advisories for additional updates or clarifications to affected product configurations
• For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Section Additional Information in the advisory for specific configuration guidance

Evidence notes

Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H indicates local attack vector with low attack complexity, requiring low privileges but no user interaction, with high impact to integrity and availability.

Official resources