PatchSiren cyber security CVE debrief

CVE-2024-50099 Siemens CVE debrief

CVE-2024-50099 describes broken uprobe support for the LDR (literal) instruction in the arm64 architecture's probes subsystem. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products, specifically the RUGGEDCOM RST2428P (6GK6242-6PA00), the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family. However, the CISA advisory marks the impact assessment for these products as 'Misinformed', indicating that the CVE's applicability to them is in question. The advisory has undergone multiple revisions; the most recent, on 2026-02-25, reflects CISA's republication of the Siemens ProductCERT advisory SSA-355557. No CVSS score or severity rating is currently available for this CVE.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking equipment (RUGGEDCOM RST2428P, SCALANCE XC/XR/XCM/XRM/XCH/XRH families), security teams monitoring ARM64-based systems using uprobes for dynamic instrumentation, OT/ICS security practitioners tracking CISA advisories, and Linux kernel maintainers responsible for ARM64 probe subsystem integrity.

Technical summary

CVE-2024-50099 identifies a defect in the ARM64 architecture's probe subsystem, specifically affecting uprobe support for the LDR (literal) instruction. Uprobes are a kernel mechanism that allows dynamic instrumentation of userspace applications at specified instruction addresses, commonly used for debugging, tracing, and security monitoring. The LDR (literal) instruction on ARM64 loads a 32-bit or 64-bit value from a PC-relative address into a register. Broken support for this instruction pattern in the uprobe implementation could lead to incorrect probe behavior, potentially causing crashes, missed events, or unreliable tracing data. While the CISA advisory marks the impact on the listed Siemens industrial networking products as 'Misinformed', organizations running ARM64-based systems with uprobe-dependent security tools should verify their exposure. Because the flaw is in the kernel, remediation requires kernel updates from the respective Linux distribution or device vendor.
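To show concretely why a PC-relative load needs special handling in a probe implementation, here is an added example in C; it is not the kernel's code and not taken from the Siemens or CISA advisories. A uprobe either single-steps a copy of the probed instruction from an out-of-line slot or simulates it in the kernel; for LDR (literal) the load address is computed from the program counter, so a copy executed from the slot would read relative to the wrong location. The example decodes the ARM64 LDR (literal) encoding and simulates the load against a small constructed memory image, once from the instruction's real address and once from a relocated slot address. The image contents, IMAGE_BASE and XOL_SLOT are constructed values chosen for illustration, and decode_ldr_literal, simulate_ldr_literal and run_ldr_at are this example's own names.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>

/* ARM64 LDR (literal) encoding:
 *   bits 31:30 opc   00 = 32-bit LDR, 01 = 64-bit LDR, 10 = LDRSW, 11 = PRFM
 *   bits 29:27 = 011, bit 26 V (0 = general-purpose Rt, 1 = SIMD/FP Rt), bits 25:24 = 00
 *   bits 23:5  imm19  signed word offset, scaled by 4
 *   bits 4:0   Rt
 * The mask/value pair below matches the GPR and SIMD forms together. */
#define LDR_LIT_MASK  0x3B000000u
#define LDR_LIT_VALUE 0x18000000u

typedef struct {
    unsigned opc;    /* load size / type, see table above */
    bool     simd;   /* V bit: SIMD/FP destination register */
    unsigned rt;     /* destination register number */
    int64_t  offset; /* byte offset relative to the instruction's own address */
} ldr_lit_t;

/* Decode a 32-bit instruction word; returns false if it is not LDR (literal). */
bool decode_ldr_literal(uint32_t insn, ldr_lit_t *out)
{
    if ((insn & LDR_LIT_MASK) != LDR_LIT_VALUE)
        return false;
    int32_t imm19 = (int32_t)((insn >> 5) & 0x7FFFF);
    if (imm19 & (1 << 18))
        imm19 -= (1 << 19);                 /* sign-extend the 19-bit field */
    out->opc    = insn >> 30;
    out->simd   = (insn >> 26) & 1;
    out->rt     = insn & 0x1F;
    out->offset = (int64_t)imm19 * 4;
    return true;
}

/* A small flat memory image standing in for the probed process's text segment. */
typedef struct {
    uint64_t       base;
    const uint8_t *bytes;
    size_t         len;
} mem_image_t;

/* Simulate a general-purpose LDR (literal) as if it executed at address `pc`.
 * Returns 0 and writes regs[Rt] on success; -1 if the instruction is not a
 * GPR load we model or the PC-relative target lies outside the image. */
int simulate_ldr_literal(uint32_t insn, uint64_t pc, const mem_image_t *mem, uint64_t regs[32])
{
    ldr_lit_t d;
    if (!decode_ldr_literal(insn, &d) || d.simd || d.opc == 3)
        return -1;                          /* SIMD form and PRFM hint not modelled */
    size_t   width  = (d.opc == 1) ? 8 : 4;
    uint64_t target = pc + (uint64_t)d.offset;
    if (target < mem->base || target + width > mem->base + mem->len)
        return -1;                          /* would fault or read garbage in a real process */
    uint64_t val = 0;
    for (size_t i = 0; i < width; i++)      /* assemble little-endian bytes */
        val |= (uint64_t)mem->bytes[target - mem->base + i] << (8 * i);
    if (d.opc == 2 && (val & 0x80000000u))
        val |= 0xFFFFFFFF00000000ull;       /* LDRSW sign-extends to 64 bits */
    regs[d.rt] = val;
    return 0;
}

/* Constructed image: `ldr x0, #8` at the base, 4 bytes of padding, then the
 * 8-byte literal 0x1122334455667788 stored little-endian. */
static const uint8_t IMAGE[16] = {
    0x40, 0x00, 0x00, 0x58,                         /* 0x58000040: ldr x0, #+8 */
    0x00, 0x00, 0x00, 0x00,
    0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11,
};
#define IMAGE_BASE 0x400000ull      /* hypothetical load address of the image */
#define XOL_SLOT   0x7fff0000ull    /* hypothetical out-of-line single-step slot */

/* Execute the probed instruction as if from `pc`: the original address succeeds,
 * the relocated slot address does not, which is why the probe must simulate it. */
int run_ldr_at(uint64_t pc, uint64_t regs[32])
{
    mem_image_t mem  = { IMAGE_BASE, IMAGE, sizeof IMAGE };
    uint32_t    insn = (uint32_t)IMAGE[0] | (uint32_t)IMAGE[1] << 8 |
                       (uint32_t)IMAGE[2] << 16 | (uint32_t)IMAGE[3] << 24;
    return simulate_ldr_literal(insn, pc, &mem, regs);
}

int main(void)
{
    uint64_t regs[32] = {0};
    int ok  = run_ldr_at(IMAGE_BASE, regs);
    printf("at original pc: rc=%d x0=0x%" PRIx64 "\n", ok, regs[0]);
    int bad = run_ldr_at(XOL_SLOT, regs);
    printf("from xol slot:  rc=%d (target outside the image)\n", bad);
    return 0;
}
```

Build with `cc -std=c99 -Wall ldr_lit.c`. Run from the original address, x0 receives the literal; run from the slot address, the same instruction word points outside the image, the analogue of the crash or bad tracing data the summary describes when a probe mishandles this pattern.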

Defensive priority

medium

Recommended defensive actions

  • Verify whether affected Siemens products (RUGGEDCOM RST2428P, SCALANCE XC/XR/XCM/XRM/XCH/XRH families) are deployed in your environment
  • Monitor Siemens ProductCERT SSA-355557 advisory for updated impact assessment and patch availability
  • Review CISA ICS recommended practices for industrial control system defense in depth
  • Assess whether ARM64-based systems in your environment rely on uprobe functionality for security monitoring or debugging
  • Await further clarification from Siemens on actual vulnerability impact given the 'Misinformed' classification
  • Subscribe to CISA ICS advisories for updates on ICSA-25-226-07

Evidence notes

The vulnerability description indicates an issue with arm64 uprobe support for LDR (literal) instructions, which could affect debugging and tracing capabilities on ARM64-based systems. The 'Misinformed' impact classification from CISA suggests the initial vulnerability reporting may have overstated or mischaracterized the actual risk to the listed Siemens products.

Official resources

2025-08-12