PatchSiren cyber security CVE debrief
CVE-2024-50295 Siemens CVE debrief
A vulnerability in the ARCnet network driver (net: arc) of the Linux kernel generates a warning condition when the network device structure (ndev->dev) and platform device structure (pdev->dev) reference different devices. This condition can lead to local denial of service through system instability or warning floods. The vulnerability requires local access with low privileges and no user interaction. Siemens has identified affected products in their industrial networking equipment portfolio running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE X-family industrial Ethernet switches in critical infrastructure environments. OT security teams managing SINEC OS deployments. Asset owners requiring CISA-tracked vulnerability remediation for compliance purposes. Network administrators responsible for ARCnet legacy network segments in industrial environments. Security operations centers monitoring for Linux kernel driver anomalies in embedded industrial systems. Compliance teams tracking CVE-2024 disclosures for patch management programs. Industrial control system integrators deploying Siemens networking equipment in manufacturing, energy, or transportation sectors.
Technical summary
The vulnerability exists in the ARCnet (Attached Resource Computer Network) driver within the Linux kernel networking subsystem. The driver generates a warning when the network device structure's embedded device pointer (ndev->dev) does not match the platform device structure's device pointer (pdev->dev). This device mismatch warning can be triggered to cause local denial of service conditions. The CVSS 3.1 score of 5.5 (MEDIUM) reflects the local attack vector, low attack complexity, low privilege requirements, and high availability impact. No confidentiality or integrity impacts are associated with this vulnerability. Siemens ProductCERT has confirmed affected status for specific industrial Ethernet switch models running SINEC OS, with remediation through firmware updates to version 3.2 or later.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and patch availability
- Implement network segmentation for industrial control systems to limit local access vectors
- Monitor system logs for ARCnet driver warnings indicating potential exploitation attempts
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Restrict local access to industrial network devices to authorized personnel only
Evidence notes
CVE published 2025-08-12. CISA advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 referenced as authoritative source. Advisory modified 2026-02-25 with republication based on Siemens update. CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H scoring 5.5 MEDIUM. CWE-20 (Improper Input Validation) associated.
Official resources
- CVE-2024-50295 CVE record (CVE.org)
- CVE-2024-50295 NVD detail (NVD)
- Source item: cisa_csaf