PatchSiren cyber security CVE debrief
CVE-2024-50194 Siemens CVE debrief
This CVE describes a vulnerability in the Linux kernel's arm64 uprobes implementation on big-endian kernels. The uprobes code fails to convert in-memory instruction encoding (always little-endian) to the kernel's native endianness before analysis and simulation. This is a kernel-level issue affecting ARM64 architectures running in big-endian mode. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified this CVE as affecting certain industrial networking products including the RUGGEDCOM RST2428P and SCALANCE families, though the CISA advisory marks the impact assessment as 'Misinformed' for the listed product IDs. No CVSS score or severity is available in the source data. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family) that may run big-endian ARM64 kernel configurations. Security teams managing OT/ICS environments should monitor for Siemens firmware updates addressing this kernel-level issue.
Technical summary
The Linux kernel's uprobes (user-space probes) implementation on ARM64 architectures contains an endianness handling defect when running in big-endian mode. The code fails to perform byte-order conversion on instruction encodings fetched from user-space memory, which are always stored in little-endian format regardless of kernel endianness. This can lead to incorrect instruction analysis and simulation, potentially causing probe misbehavior or system instability. The vulnerability is specific to big-endian ARM64 kernel configurations and affects the probes subsystem used for dynamic instrumentation and debugging.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
- Verify if deployed Siemens industrial networking equipment runs big-endian ARM64 kernel configurations
- Monitor CISA ICS advisories for updates to ICSA-25-226-07
- Apply kernel updates from Siemens when available for affected SCALANCE and RUGGEDCOM products
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The advisory was initially published 2025-08-12 and underwent multiple revisions through 2026-02-25, including corrections to affected products list and removal of rejected CVEs. The threat category is marked as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. No CVSS vector or score is provided in the source.
Official resources
-
CVE-2024-50194 CVE record
CVE.org
-
CVE-2024-50194 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12