PatchSiren cyber security CVE debrief
CVE-2024-50267 Siemens CVE debrief
A use-after-free vulnerability exists in the Linux kernel USB serial io_edgeport driver. The flaw occurs when `dev_dbg(&urb->dev->dev, ...)` is called after `usb_free_urb(urb)`, resulting in a use-after-free of the `urb` pointer. This vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and XCM-/XRM-/XCH-/XRH-300 family switches. The vulnerability requires local access with low privileges and can result in high availability impact (system crash or denial of service).
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM (5.5)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial Ethernet switches in critical infrastructure environments, including utilities, manufacturing, and transportation sectors.
Technical summary
The vulnerability is a use-after-free (CWE-416) in the Linux kernel's USB serial io_edgeport driver. The bug manifests when a debug printk statement references `urb->dev->dev` after the URB (USB Request Block) has been freed via `usb_free_urb(urb)`. This results in accessing freed kernel memory, which can cause kernel panics or system instability. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector, low attack complexity, low privileges required, no user interaction, and high availability impact. The vulnerability is rated MEDIUM severity (5.5). Affected Siemens products incorporate this vulnerable kernel component in their SINEC OS firmware.
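To make the ordering defect described above concrete, here is an added C model of the bug and its fix, constructed for this debrief rather than taken from the io_edgeport driver or Siemens firmware. The `struct urb`, `usb_free_urb` and `dev_dbg` stand-ins are mocks that flag a read through a freed URB instead of releasing memory, so the program stays defined behaviour while showing why the free must come after the last use of `urb`.

```c
#include <stdio.h>

/* Stand-ins for the kernel types in the CVE description (constructed, not <linux/usb.h>). */
struct device { const char *name; };
struct usb_device { struct device dev; };
struct urb { struct usb_device *dev; int freed; };

/* Reads through an already-"freed" URB are counted here; in-kernel this is what KASAN reports. */
static int uaf_count;

/* Mock usb_free_urb(): flags the URB instead of releasing memory, so a later read is detectable, not UB. */
static void mock_usb_free_urb(struct urb *urb) { urb->freed = 1; }

/* Models &urb->dev->dev: reading urb->dev is the use-after-free once the URB is freed. */
static struct device *urb_to_dev(struct urb *urb)
{
    if (urb->freed) uaf_count++;
    return &urb->dev->dev;
}

/* Mock dev_dbg(): only needs a valid struct device. */
static void mock_dev_dbg(struct device *dev, const char *msg) { printf("%s: %s\n", dev->name, msg); }

/* Vulnerable ordering: free the URB, then reach through it for the debug message. Returns 1. */
static int vulnerable_error_path(struct urb *urb)
{
    int before = uaf_count;
    mock_usb_free_urb(urb);
    mock_dev_dbg(urb_to_dev(urb), "urb submit failed");
    return uaf_count - before;
}

/* Fixed ordering: take the device pointer while the URB is still valid, then free it;
 * the debug message no longer touches freed memory. Returns 0. */
static int fixed_error_path(struct urb *urb)
{
    int before = uaf_count;
    struct device *dev = urb_to_dev(urb);
    mock_usb_free_urb(urb);
    mock_dev_dbg(dev, "urb submit failed");
    return uaf_count - before;
}

/* Runs one path against a constructed sample URB (fixed != 0 selects the fixed ordering). */
static int run_error_path(int fixed)
{
    struct usb_device udev = { { "edgeport-usb0" } };
    struct urb u = { &udev, 0 };
    return fixed ? fixed_error_path(&u) : vulnerable_error_path(&u);
}
```

The same pattern (cache whatever you still need from an object before freeing it, or log before the free) is what a reviewer should look for in any error path that frees a resource and then logs about it.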
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens advisory SSA-355557 for specific configuration and update guidance
- Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
- Restrict physical and logical access to affected devices to authorized personnel only
- Monitor for anomalous system behavior or unexpected reboots that may indicate exploitation attempts
Evidence notes
The vulnerability was disclosed in CISA advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The issue stems from a debug printk statement accessing freed memory in the USB serial io_edgeport driver. Siemens has provided vendor fixes: update to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family; specific guidance for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family is available in the advisory.
Official resources
- CVE-2024-50267 CVE record (CVE.org)
- CVE-2024-50267 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12