CVE-2024-50287 Siemens CVE debrief

Who should care

Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH family devices. OT security teams managing SINEC OS deployments in critical infrastructure environments. System administrators responsible for firmware maintenance of Siemens industrial Ethernet switches.

Technical summary

The vulnerability resides in the Video4Linux2 Test Pattern Generator (v4l2-tpg) component of the Linux kernel. The `tpg_precalculate_line()` function performs buffer rescaling operations without validating that the `scaled_width` parameter is non-zero. When `scaled_width` equals zero, the rescaling logic triggers a division-by-zero condition, resulting in a kernel crash and system availability impact. This is a local attack vector requiring low privileges with no user interaction. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating high availability impact but no confidentiality or integrity impact.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided firmware updates to affected Siemens industrial networking devices. For RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, update to firmware version V3.2 or later. For SCALANCE
• severityScore
• severityScore
• severityScore
• severityScore
• severityScore
• severityScore
• severityScore

Evidence notes

The vulnerability was identified through Coverity static analysis. The flaw is located in the Linux kernel's v4l2-tpg subsystem, specifically in the `tpg_precalculate_line()` function where buffer rescaling occurs without zero-check validation of the `scaled_width` parameter.

Official resources