PatchSiren cyber security CVE debrief
CVE-2024-50201 Siemens CVE debrief
This CVE addresses a validation gap in the Linux kernel's DRM/Radeon subsystem where the `encoder->possible_clones` field was not properly validated during driver initialization. The issue could result in warnings during driver load but does not appear to enable privilege escalation or code execution. The vulnerability is rated MEDIUM severity (CVSS 5.5) with a local attack vector requiring low privileges and no user interaction, with high availability impact but no confidentiality or integrity impact. Siemens has identified affected products in their industrial networking portfolio including RUGGEDCOM RST2428P and SCALANCE switch families running SINEC OS. Vendor fixes are available requiring updates to version 3.2 or later.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 switch families. Industrial control system operators in critical infrastructure sectors should prioritize patching during maintenance windows.
Technical summary
The vulnerability exists in the Linux kernel's Direct Rendering Manager (DRM) Radeon driver subsystem. The `encoder->possible_clones` field, which indicates which encoders can be used simultaneously for cloning display outputs, was not validated during driver initialization. This validation gap could result in warnings during driver load. The issue is classified as CWE-20 (Improper Input Validation). The attack requires local access with low privileges and can result in high availability impact, though no confidentiality or integrity impact is indicated. Affected Siemens products incorporate this vulnerable Linux kernel component in their SINEC OS firmware.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to version 3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens support documentation for specific configuration guidance
- Implement network segmentation for industrial control systems to limit local attack surface
- Monitor for anomalous driver initialization warnings in system logs as potential indicators of exploitation attempts
- Review CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
CVE published 2025-08-12 per official CVE record. CISA advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 referenced as authoritative vendor source. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack surface with availability impact only. Remediation guidance specifies V3.2 or later for affected products.
Official resources
-
CVE-2024-50201 CVE record
CVE.org
-
CVE-2024-50201 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12