PatchSiren cyber security CVE debrief

CVE-2024-50279 Siemens CVE debrief

CVE-2024-50279 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's device-mapper cache (dm-cache) subsystem. The flaw involves an index bug in bitset iteration that causes out-of-bounds access to the dirty bitset when resizing dm-cache, specifically when shrinking the fast device and checking dirty bits of cache blocks to be dropped. This vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P and SCALANCE switch families, which incorporate the vulnerable Linux kernel component. The vulnerability requires local access with low privileges to exploit, and successful exploitation results in high availability impact (denial of service) with no confidentiality or integrity impact.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

System administrators managing Siemens industrial networking equipment running SINEC OS or Linux-based firmware; security teams responsible for OT/ICS infrastructure; organizations utilizing RUGGEDCOM RST2428P or SCALANCE switch families in critical infrastructure environments; Linux kernel maintainers and distributors shipping dm-cache functionality

Technical summary

The vulnerability exists in the dm-cache target of the Linux kernel's device-mapper subsystem. When shrinking a fast cache device, the code checks dirty bits of cache blocks marked for removal. An index bug in the bitset iteration logic causes out-of-bounds memory access to the dirty bitset data structure. This is a classic off-by-one or iteration bounds error in kernel memory management code. The vulnerability is triggered during cache resize operations, specifically when reducing cache size. The attack requires local access with privileges sufficient to initiate cache resize operations. Exploitation results in kernel memory corruption leading to system crash (denial of service). The CVSS 3.1 score of 5.5 reflects the local attack vector, low complexity, and high availability impact with no confidentiality or integrity effects.

Defensive priority

medium

Recommended defensive actions

Apply vendor-provided updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to V3.2 or later version per Siemens guidance
For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and available updates
Implement defense-in-depth strategies for industrial control systems, including network segmentation and access controls to limit local attack surface
Monitor for anomalous system behavior indicative of denial-of-service conditions on affected dm-cache configurations
Review and apply CISA's ICS recommended practices for securing industrial control systems environments

Evidence notes

The vulnerability description is sourced from the CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C) confirms local attack vector with low attack complexity and low privileges required. The affected products are confirmed through Siemens' CSAF product tree with high confidence.

Official resources

This vulnerability was disclosed through coordinated disclosure via CISA and Siemens ProductCERT. The CISA advisory ICSA-25-226-07 was initially published on August 12, 2025, with subsequent updates through February 25, 2026, to correct the