PatchSiren cyber security CVE debrief
CVE-2024-50096 Siemens CVE debrief
CVE-2024-50096 describes a vulnerability in the nouveau/dmem component related to migrate_to_ram upon copy error. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. CISA republished this advisory based on Siemens ProductCERT SSA-355557 advisory as of the February 25, 2026 update. The vulnerability affects Siemens industrial networking products including RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. The source advisory underwent multiple revisions, with significant updates in February 2026 including corrections to affected products list and clarification of affected configurations for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family. No CVSS score or severity rating is available in the source data. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial control system environments should assess their exposure and apply vendor guidance.
Technical summary
A vulnerability exists in the nouveau/dmem component where migrate_to_ram fails to properly handle copy errors. This affects memory migration operations in systems using the nouveau graphics driver. The vulnerability impacts Siemens industrial networking equipment running affected Linux-based firmware versions.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance
- Verify affected product configurations against clarified guidance in February 2026 advisory updates
- Apply vendor-provided security updates when available per Siemens recommendations
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor CISA ICS advisories for additional updates to this vulnerability
Evidence notes
Source: CISA CSAF advisory ICSA-25-226-07, republished from Siemens ProductCERT SSA-355557. Advisory revision history shows multiple updates through February 2026 correcting affected product listings and clarifying configurations.
Official resources
-
CVE-2024-50096 CVE record
CVE.org
-
CVE-2024-50096 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12