PatchSiren cyber security CVE debrief
CVE-2024-50198 Siemens CVE debrief
A NULL pointer dereference vulnerability exists in the Linux kernel's Industrial I/O (IIO) light sensor driver for the VEML6030 ambient light sensor. The flaw resides in the `in_illuminance_period_available_show` function, which incorrectly retrieves the IIO device structure from an embedded device pointer. The function receives a `dev` pointer referencing the device embedded within the IIO device rather than the I2C client device. Without using `dev_to_iio_dev()` to properly access the correct data structure, `indio_dev` receives a NULL assignment. This results in a segmentation fault on every attempt to read the affected sysfs attribute. The vulnerability is classified as a NULL pointer dereference (CWE-476) with medium severity. Local attackers with low privileges can trigger denial of service conditions by attempting to read the illuminance period available attribute. The issue affects Siemens industrial networking products running SINEC OS that incorporate the vulnerable kernel driver, specifically the RUGGEDCOM RST2428P and SCALANCE XC/XR/XCM/XRM/XCH/XRH product families.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH product families running SINEC OS. System administrators responsible for Linux-based industrial control systems with ambient light sensor hardware. Security teams monitoring kernel-level vulnerabilities in embedded industrial devices. Organizations subject to NERC CIP or other industrial cybersecurity frameworks requiring timely vulnerability remediation.
Technical summary
The vulnerability exists in the `in_illuminance_period_available_show` function within the Linux kernel's IIO light sensor driver for the VEML6030 ambient light sensor. The function retrieves the IIO device from the wrong device pointer: the `dev` argument it receives references the device embedded in the IIO device structure, not the I2C client device as the code assumes. The `dev_to_iio_dev()` helper must be used to reach the IIO device data from that pointer. The unpatched implementation instead assigns NULL to `indio_dev`, causing a segmentation fault on every attempt to read the `in_illuminance_period_available` sysfs attribute. This is a classic NULL pointer dereference (CWE-476) resulting in denial of service through system crash. The vulnerability requires local access with low privileges but no user interaction, so it can be triggered by authenticated local users or processes on affected systems.
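The pointer mix-up described above can be reproduced in a small user-space model. This is an added example, not the kernel driver's code: the `*_model` types, `probe_model`, the lookup functions and the sample period value are hypothetical, and it assumes the driver data is stored only on the I2C client's device.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space stand-ins for the kernel types (model only). */
struct device { void *driver_data; };
struct i2c_client_model { struct device dev; };
struct iio_dev_model { int period_ms; struct device dev; };

#define container_of_model(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Assumption: probe stores the IIO device only on the I2C client's device. */
static void probe_model(struct i2c_client_model *client, struct iio_dev_model *indio)
{
    client->dev.driver_data = indio;
    indio->dev.driver_data = NULL;
    indio->period_ms = 100; /* constructed sample value */
}

/* Unpatched pattern: treat dev as the client's device and read its driver data. */
static struct iio_dev_model *lookup_unpatched(struct device *dev)
{
    return dev->driver_data; /* dev is the IIO-embedded device, so this is NULL */
}

/* Patched pattern: recover the enclosing IIO device from its embedded member. */
static struct iio_dev_model *lookup_patched(struct device *dev)
{
    return container_of_model(dev, struct iio_dev_model, dev);
}

/* Models the sysfs show callback, which is handed &indio->dev.
 * Returns -1 where the kernel would dereference NULL and oops. */
static int show_period_model(int patched)
{
    struct i2c_client_model client;
    struct iio_dev_model indio;
    probe_model(&client, &indio);
    struct device *dev = &indio.dev; /* what the attribute read passes in */
    struct iio_dev_model *found = patched ? lookup_patched(dev) : lookup_unpatched(dev);
    return found ? found->period_ms : -1;
}

int main(void)
{
    printf("unpatched lookup: %d\n", show_period_model(0));
    printf("patched lookup:   %d\n", show_period_model(1));
    return 0;
}
```

The model returns -1 in place of the crash so both paths can be compared side by side; the real driver has no such check, which is why every read of the attribute faults until the lookup is corrected.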
Defensive priority
Medium
Recommended defensive actions
- Apply vendor-provided firmware updates to address the underlying kernel vulnerability in affected Siemens industrial networking products
- For RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, update to SINEC OS V3.2 or later
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update to V3.2 or later
- Restrict local access to industrial control systems and implement defense-in-depth strategies per CISA ICS recommended practices
- Monitor for anomalous system crashes or segmentation faults in IIO subsystem logs that may indicate exploitation attempts
- Review and apply Siemens security advisories for SINEC OS and related industrial networking products on a regular basis
Evidence notes
The vulnerability description is sourced from CISA ICS Advisory ICSA-25-226-07, which republishes Siemens ProductCERT advisory SSA-355557. The technical details indicate this is a Linux kernel driver bug in the veml6030 ambient light sensor IIO driver. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack vector with low attack complexity and low privileges required, resulting in high availability impact. The vulnerability was initially published on 2025-08-12 and last modified on 2026-02-25 when CISA republished based on updated Siemens advisory information.
Official resources
- CVE-2024-50198 CVE record (CVE.org)
- CVE-2024-50198 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)