PatchSiren cyber security CVE debrief
CVE-2024-50202 Siemens CVE debrief
A vulnerability in the nilfs2 filesystem driver of the Linux kernel, where nilfs_find_entry() fails to propagate errors when loading directory pages/folios via nilfs_get_folio(). This error handling omission can lead to task hangs (observed in vcs_open() during fuzzing) when corrupted filesystem images present large directory inode sizes that pass initial reads but fail subsequent sanity checks. The vulnerability affects Siemens industrial networking products running SINEC OS that incorporate the vulnerable kernel component.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS. System administrators responsible for Linux kernel security in embedded and industrial control environments where nilfs2 filesystem support may be present. Security teams monitoring for filesystem-level vulnerabilities that could impact operational technology availability.
Technical summary
The nilfs2 filesystem driver contains a flaw in nilfs_find_entry() where errors from nilfs_get_folio() during directory page/folio loading are ignored rather than propagated. When a corrupted filesystem image presents a large directory inode size that passes initial read operations but fails sanity validation, the function continues execution without proper error handling. This can result in infinite loops or hung tasks, as demonstrated by vcs_open() hangs during fuzzing tests. The vulnerability is triggered through malformed nilfs2 filesystem images and represents a denial-of-service condition rather than direct code execution.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for definitive affected product and patch information
- Verify SINEC OS and underlying Linux kernel versions on affected Siemens network infrastructure
- Assess nilfs2 filesystem usage in operational environments; consider disabling or restricting access if not required
- Apply vendor-provided firmware updates when available per Siemens security advisory guidance
- Monitor for anomalous system hangs or unresponsive behavior in industrial control system endpoints
- Implement defense-in-depth strategies per CISA ICS recommended practices for network segmentation of critical infrastructure components
Evidence notes
The vulnerability description indicates this was discovered through fuzzing of nilfs2, with the root cause identified as improper error propagation in directory entry lookup. The CISA CSAF advisory (ICSA-25-226-07) was initially published 2025-08-12 and subsequently modified 2026-02-12, 2026-02-24, and 2026-02-25 to correct affected product listings and incorporate updates from Siemens ProductCERT SSA-355557. The advisory's threat assessment categorizes impact as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003.
Official resources
-
CVE-2024-50202 CVE record
CVE.org
-
CVE-2024-50202 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12