PatchSiren cyber security CVE debrief
CVE-2024-50278 Siemens CVE debrief
CVE-2024-50278 is a HIGH severity vulnerability (CVSS 7.1) in the Linux kernel's device-mapper cache (dm cache) subsystem. The flaw involves a potential out-of-bounds access that occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. The vulnerability was published on August 12, 2025, and the advisory was most recently modified on February 25, 2026, to incorporate updates from Siemens ProductCERT. The attack vector is local, requiring low privileges and low attack complexity, with high impacts to confidentiality and availability but no integrity impact. Siemens has released vendor fixes, with updates to V3.2 or later versions recommended for affected products.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH series devices in critical infrastructure, manufacturing, and industrial automation environments. Security teams responsible for OT/ICS asset management and patch deployment should prioritize this update.
Technical summary
The vulnerability exists in the Linux kernel's device-mapper cache (dm cache) implementation. An out-of-bounds access can occur during the first resume of the cache table if the underlying fast device has been unexpectedly expanded. This condition creates a memory safety issue that could lead to information disclosure or denial of service. The vulnerability is exploitable locally with low privileges and does not require user interaction. The attack surface is limited to systems where an attacker can influence device state prior to cache resumption.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided updates to V3.2 or later version for affected Siemens RUGGEDCOM and SCALANCE products as specified in Siemens ProductCERT advisory
- Review and implement CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
- Monitor for unexpected fast device expansion events in dm cache configurations prior to first-time resume operations
- Validate cache table state before resuming operations after any storage device modifications
- Consult Siemens support resources for specific configuration guidance for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family products
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT SSA-355557. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H indicates local attack vector with high confidentiality and availability impact. Remediation guidance specifies vendor fix through update to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE families.
Official resources
-
CVE-2024-50278 CVE record
CVE.org
-
CVE-2024-50278 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12