PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-50180 Siemens CVE debrief

A buffer overflow vulnerability exists in the Linux kernel's sisfb framebuffer driver. The strbuf array, sized at 16 bytes, can be overflowed when sprintf() writes formatted resolution values (xres and yres) obtained from strbuf1. If strbuf1 contains non-digit characters including a space, the resulting formatted string can exceed the 16-byte buffer boundary, leading to a local denial-of-service condition. This vulnerability requires local access with low privileges and has no impact on confidentiality or integrity, but can cause high availability impact through system crash or instability.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family industrial Ethernet switches should prioritize patching. System administrators responsible for industrial control system security, OT security teams, and infrastructure operators in critical manufacturing, energy, and transportation sectors should assess exposure and apply vendor fixes.

Technical summary

The sisfb driver in the Linux kernel contains a buffer overflow vulnerability in its string buffer handling. The strbuf array is allocated as 16 bytes, but the xres and yres values are parsed from strbuf1, which may contain non-digit characters including spaces. When these values are formatted via sprintf(strbuf, "%ux%ux8", xres, yres), the resulting string can exceed the 16-byte allocation, causing memory corruption. This is a local vulnerability exploitable by users with low privileges, resulting in denial of service through a system crash or kernel instability. The vulnerability affects Siemens industrial networking products running vulnerable Linux kernel versions.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to V3.2 or later for affected Siemens RUGGEDCOM and SCALANCE products
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult vendor documentation for specific configuration guidance
  • Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
  • Restrict local access to affected systems to authorized personnel only
  • Monitor for anomalous system crashes or instability in framebuffer-dependent operations

Evidence notes

The vulnerability description indicates a classic buffer overflow in kernel framebuffer code. The strbuf array is fixed at 16 bytes, but the sprintf() format string "%ux%ux8", combined with resolution values parsed from potentially malformed strbuf1 input, can produce output exceeding this bound. The CVSS vector confirms a local attack vector with low attack complexity and low privileges required.
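A user-space model of the overflow arithmetic described in the technical summary and evidence notes, added here as an example and not the driver's code: it measures how long "%ux%ux8" output can get for 32-bit resolution values and shows the bounded snprintf-plus-check form that keeps a 16-byte strbuf safe. The 16-byte size and the format string come from the debrief; the function names and the sample resolution pairs are constructed for the example.

```c
#include <stdio.h>
#include <limits.h>

/* Constructed user-space model of the pattern in the debrief, not the kernel's
 * code: a 16-byte strbuf filled by sprintf(strbuf, "%ux%ux8", xres, yres). */
#define STRBUF_LEN 16
#define MODE_FMT   "%ux%ux8"

/* Length (without NUL) the format produces; snprintf(NULL, 0, ...) only measures. */
int needed_len(unsigned xres, unsigned yres)
{
    return snprintf(NULL, 0, MODE_FMT, xres, yres);
}

/* Worst case for 32-bit unsigned values: 10 digits + 'x' + 10 digits + "x8" = 23
 * characters, 24 bytes with the terminator, so 16 bytes is never a safe bound. */
int worst_case_bytes(void)
{
    return needed_len(UINT_MAX, UINT_MAX) + 1;
}

/* Hardened form: bounded write plus an explicit truncation check.
 * Returns 0 when the whole mode string fit, -1 when it would not. */
int format_mode_safe(char *dst, size_t dstsz, unsigned xres, unsigned yres)
{
    int n = snprintf(dst, dstsz, MODE_FMT, xres, yres);
    if (n < 0 || (size_t)n >= dstsz) {
        if (dstsz) dst[0] = '\0';   /* leave a defined, empty string */
        return -1;
    }
    return 0;
}

/* 1 if the pair fits a STRBUF_LEN-byte buffer under the safe formatter. */
int fits_in_strbuf(unsigned xres, unsigned yres)
{
    char strbuf[STRBUF_LEN];
    return format_mode_safe(strbuf, sizeof strbuf, xres, yres) == 0;
}

int main(void)
{
    unsigned pairs[][2] = { {1024, 768}, {1920, 1080}, {99999999u, 9999999u} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++)
        printf("%ux%ux8 needs %d+1 bytes, fits in %d: %s\n", pairs[i][0], pairs[i][1],
               needed_len(pairs[i][0], pairs[i][1]), STRBUF_LEN,
               fits_in_strbuf(pairs[i][0], pairs[i][1]) ? "yes" : "no");
    printf("worst case: %d bytes\n", worst_case_bytes());
    return 0;
}
```

The third sample pair is only 18 characters long yet already exceeds the buffer, which is why the bounded write, not input length alone, is the reliable guard.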

Official resources

2025-08-12