PatchSiren cyber security CVE debrief
CVE-2024-50262 Siemens CVE debrief
CVE-2024-50262 is a medium-severity (CVSS 5.5) out-of-bounds write vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically within the `trie_get_next_key()` function. The vulnerability was resolved in the upstream Linux kernel. Siemens has identified this CVE as affecting multiple industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The vulnerability requires local access with low privileges and can result in high availability impact through denial of service. Siemens has released vendor fixes, with updates to V3.2 or later versions recommended for affected products. The CISA advisory ICSA-25-226-07 was initially published on August 12, 2025, and most recently updated on February 25, 2026, to reflect corrections to the affected products list and republication based on Siemens ProductCERT advisory SSA-355557. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH series devices in industrial control system environments. Security teams responsible for OT/ICS asset management and patch deployment should prioritize this vulnerability due to its potential for localized denial of service in critical infrastructure networks.
Technical summary
CVE-2024-50262 is an out-of-bounds write vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically in the `trie_get_next_key()` function. The vulnerability allows a local attacker with low privileges to cause a denial of service condition. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low attack complexity, low privileges required, no user interaction, and high availability impact. The vulnerability affects Siemens industrial networking products utilizing SINEC OS, including RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices. The upstream Linux kernel fix resolves the out-of-bounds write condition in the BPF LPM trie map implementation.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to V3.2 or later for affected Siemens RUGGEDCOM and SCALANCE products per product-specific guidance
- Review Siemens ProductCERT advisory SSA-355557 for detailed affected product configurations and remediation steps
- Implement network segmentation for industrial control systems to limit local access vectors
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor for additional vendor guidance regarding SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configurations
Evidence notes
CVE description confirms out-of-bounds write in Linux kernel BPF trie_get_next_key() function. CISA CSAF advisory ICSA-25-226-07 identifies affected Siemens products. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with availability impact. Remediation guidance specifies vendor fix via update to V3.2 or later.
Official resources
-
CVE-2024-50262 CVE record
CVE.org
-
CVE-2024-50262 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12