PatchSiren cyber security CVE debrief
CVE-2024-50188 Siemens CVE debrief
A memory corruption vulnerability exists in the DP83869 PHY driver within the Linux kernel networking subsystem. The flaw stems from incorrect API usage: linkmode_set_bit() is called with a bit mask (1 << 10) instead of the expected bit number (10). This error causes memory corruption at an unintended location. Specifically, on arm64 architectures, the priv pointer within the same structure is corrupted. The vulnerability is triggered when configuring the fiber port on affected devices.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH product families. System administrators managing SINEC OS deployments and OT security teams responsible for patch management in industrial environments should prioritize assessment and remediation.
Technical summary
The DP83869 PHY driver in the Linux kernel contains a memory corruption vulnerability triggered during fiber port configuration. The driver passes a bit mask (1 << 10) to linkmode_set_bit(), which expects a bit number (10). Because the argument is interpreted as a bit number, the call sets bit 1024 rather than bit 10, producing an out-of-bounds write that corrupts adjacent structure members, including the priv pointer on arm64 systems. The vulnerability is classified as CWE-787 (Out-of-bounds Write). Exploitation requires local access with low privileges and can result in denial of service (high availability impact).
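The arithmetic behind the bit-number versus bit-mask mix-up described above, as an added user-space model that is not code from the kernel driver or from Siemens. The FIBRE_* names, model_set_bit(), checked_set_bit() and the 128-bit bitmap size are assumptions for illustration; only the values 10 and 1 << 10 come from the text.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#define BITS_PER_WORD (sizeof(unsigned long) * CHAR_BIT)
#define FIBRE_BIT_NR  10u          /* bit number the helper expects (value from the page) */
#define FIBRE_MASK    (1u << 10)   /* bit mask passed instead (value from the page) */
#define MODEL_BITMAP_BITS 128u     /* assumed bitmap size, for this model only */
#define MODEL_WORDS 48             /* bitmap words first, "neighbouring fields" after */

/* Same arithmetic as a set-bit-by-number helper: nr selects a word, then a bit. */
static void model_set_bit(unsigned int nr, unsigned long *mem)
{
    mem[nr / BITS_PER_WORD] |= 1UL << (nr % BITS_PER_WORD);
}

/* Byte offset, from the start of the bitmap, of the word that bit nr lands in. */
static size_t byte_offset(unsigned int nr)
{
    return (nr / BITS_PER_WORD) * sizeof(unsigned long);
}

/* Runs the unchecked helper on zeroed model memory; returns the modified word index. */
static long dirty_word(unsigned int nr)
{
    unsigned long mem[MODEL_WORDS] = {0};
    if (nr / BITS_PER_WORD >= MODEL_WORDS) return -1;  /* would leave the model buffer */
    model_set_bit(nr, mem);
    for (long i = 0; i < MODEL_WORDS; i++)
        if (mem[i]) return i;
    return -1;
}

/* Hardened variant: refuse any bit number outside the bitmap. Returns 0 on success. */
static int checked_set_bit(unsigned int nr, unsigned long *bitmap)
{
    if (nr >= MODEL_BITMAP_BITS)
        return -1;
    model_set_bit(nr, bitmap);
    return 0;
}

int main(void)
{
    unsigned long bitmap[MODEL_BITMAP_BITS / BITS_PER_WORD] = {0};
    unsigned int nrs[] = { FIBRE_BIT_NR, FIBRE_MASK };
    for (int i = 0; i < 2; i++)
        printf("nr=%u: word %ld, byte offset %zu, checked=%d\n", nrs[i], dirty_word(nrs[i]), byte_offset(nrs[i]), checked_set_bit(nrs[i], bitmap));
    return 0;
}
```

With 32-bit or 64-bit words the mistaken argument lands 128 bytes past the start of the bitmap, well beyond a bitmap of the size assumed here.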
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE product families
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
- Implement network segmentation to limit access to affected industrial control systems
- Monitor for anomalous device behavior or unexpected reboots that may indicate exploitation attempts
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Review and apply Siemens security advisories for SINEC OS and related third-party components
Evidence notes
The vulnerability description is sourced from CISA ICS Advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The flaw affects Siemens industrial networking products running SINEC OS that incorporate the vulnerable DP83869 PHY driver. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low attack complexity, requiring low privileges and no user interaction, resulting in high availability impact.
Official resources
- CVE-2024-50188 CVE record (CVE.org)
- CVE-2024-50188 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12