PatchSiren

CVE-2024-50095 Siemens CVE debrief

A locking contention vulnerability in the Linux kernel's RDMA MAD (Management Datagram) agent timeout handler can cause soft lockups when processing a high volume of timed-out Work Requests (WRs). The original implementation acquired and released the mad_agent_priv lock for each timed-out WR, creating severe contention under load. This manifests during RDMA-CM connection establishment between peer nodes. The fix simplifies the timeout handler by creating a local list of timed-out WRs with a single lock acquisition/release cycle, significantly reducing locking overhead.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens industrial network infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH families, particularly those utilizing RDMA-CM for high-performance computing or storage networking in industrial environments.

Technical summary

The vulnerability exists in the RDMA MAD agent timeout handler within the Linux kernel. When processing timed-out Work Requests (WRs), the original implementation performed individual lock acquisitions and releases for each WR, causing heavy locking contention. Under high-load scenarios involving RDMA-CM connection establishment between peer nodes, this contention leads to soft lockups. The resolution creates a local list of timed-out WRs and processes them with a single lock acquisition/release cycle, eliminating the per-WR locking overhead.
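
The locking change described above, modeled in user space as an added example (not the kernel's code and not taken from the advisory). A C11 atomic_flag spinlock stands in for the agent lock; struct wr, struct agent, the function names and the workload are hypothetical, and lock_cycles_for() counts lock acquisitions for the per-WR and the batched handler over the same constructed list.

```c
#include <stdatomic.h>
#include <stddef.h>
/* Simplified, hypothetical stand-ins for a WR and the agent's wait list. */
struct wr { unsigned long timeout; struct wr *next; };
struct agent { atomic_flag lock; unsigned long lock_cycles; struct wr *wait_list; };
static void agent_lock(struct agent *a) {
    while (atomic_flag_test_and_set(&a->lock)) { }  /* spin until acquired */
    a->lock_cycles++;                               /* instrumentation only */
}
static void agent_unlock(struct agent *a) { atomic_flag_clear(&a->lock); }
/* Before: the lock is dropped and retaken around every timed-out WR. */
size_t timeout_per_wr(struct agent *a, unsigned long now) {
    size_t done = 0;
    agent_lock(a);
    while (a->wait_list && a->wait_list->timeout <= now) {
        a->wait_list = a->wait_list->next;
        agent_unlock(a);
        done++;                 /* the WR's completion would run here */
        agent_lock(a);
    }
    agent_unlock(a);
    return done;
}
/* After: detach the expired prefix in one lock cycle, complete it unlocked. */
size_t timeout_batched(struct agent *a, unsigned long now) {
    struct wr *local, *last = NULL;
    size_t done = 0;
    agent_lock(a);
    local = a->wait_list;       /* list is sorted by ascending timeout */
    while (a->wait_list && a->wait_list->timeout <= now) {
        last = a->wait_list;
        a->wait_list = last->next;
    }
    if (last) last->next = NULL; else local = NULL;
    agent_unlock(a);
    for (; local; local = local->next) done++;  /* completions, lock not held */
    return done;
}
/* Constructed workload: `expired` WRs due at t=1, `pending` at t=100, now=10. */
unsigned long lock_cycles_for(int batched, size_t expired, size_t pending) {
    static struct wr pool[1024];
    struct agent a = { ATOMIC_FLAG_INIT, 0, pool };
    size_t n = expired + pending, done;
    if (n == 0 || n > 1024) return 0;
    for (size_t i = 0; i < n; i++)
        pool[i] = (struct wr){ i < expired ? 1 : 100, i + 1 < n ? &pool[i + 1] : NULL };
    done = batched ? timeout_batched(&a, 10) : timeout_per_wr(&a, 10);
    return done == expired ? a.lock_cycles : 0;  /* 0 signals a missed WR */
}
```

With 500 expired WRs the per-WR handler takes the lock 501 times and the batched handler once; on a real system each of those acquisitions is also contended by the other paths that take the same lock.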

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to affected Siemens industrial network devices
  • For RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family, update to V3.2 or later
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult vendor documentation for specific update guidance
  • Monitor RDMA-CM connection establishment for signs of soft lockup or system unresponsiveness
  • Implement network segmentation for RDMA-enabled industrial control systems
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies

Evidence notes

The vulnerability was resolved in the Linux kernel RDMA/mad subsystem. The issue was identified through soft lockup traces observed during RDMA-CM path usage for peer node connection establishment. The root cause was excessive lock contention in the timeout handler when processing multiple timed-out WRs.

Official resources

2025-08-12