PatchSiren cyber security CVE debrief
CVE-2024-50269 Siemens CVE debrief
A use-after-free vulnerability exists in the USB MUSB (Multipoint USB) driver for Allwinner sunxi platforms within the Linux kernel. The flaw occurs when the USB PHY (physical layer) is accessed after it has been released, specifically through the `glue->xceiv` pointer. A local attacker with low privileges could exploit this to cause a denial of service (system crash or instability) on affected systems. The vulnerability has a CVSS 3.1 score of 5.5 (MEDIUM) with an attack vector of local access, low attack complexity, and low privileges required. No confidentiality or integrity impact is assessed, but availability impact is rated HIGH. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified affected products in their industrial networking equipment lines and provided vendor fixes.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment in critical infrastructure environments, OT security teams managing SCALANCE and RUGGEDCOM devices, and system administrators responsible for firmware maintenance in industrial control systems.
Technical summary
The vulnerability exists in the `drivers/usb/musb/sunxi.c` driver where the USB PHY transceiver (`xceiv`) is accessed through a pointer (`glue->xceiv`) after the PHY has been released. This use-after-free condition can trigger when the USB controller is being torn down or during error handling paths. The flaw is classified under CWE-416 (Use After Free). Exploitation requires local access with low privileges and can result in kernel panic or system instability. The vulnerability affects Siemens industrial networking products running vulnerable Linux kernel versions, including RUGGEDCOM RST2428P and multiple SCALANCE product families.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected Siemens RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update instructions
- Implement physical access controls to prevent unauthorized local access to affected industrial control systems
- Monitor for anomalous system crashes or USB-related errors that could indicate exploitation attempts
- Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
Evidence notes
The vulnerability description indicates a use-after-free condition in the USB MUSB sunxi driver where `glue->xceiv` is accessed after the USB PHY has been released. The CVSS vector confirms local attack vector with low privileges required and high availability impact. Siemens ProductCERT advisory SSA-355557 is the authoritative source for affected product identification and remediation guidance. CISA republished this advisory on February 25, 2026, with updates based on the Siemens advisory.
Official resources
-
CVE-2024-50269 CVE record
CVE.org
-
CVE-2024-50269 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12