PatchSiren cyber security CVE debrief
CVE-2024-50299 Siemens CVE debrief
A vulnerability in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation has been resolved. The flaw existed in the sctp_sf_ootb() function, which did not properly validate chunk sizes. This could lead to out-of-bounds access conditions when processing malformed SCTP packets. The vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel component, specifically the RUGGEDCOM RST2428P and SCALANCE switch families. The issue has been addressed through kernel updates that implement proper chunk size validation in the SCTP state machine.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family switches in industrial environments. Critical infrastructure operators using these devices in process control networks, utility substations, transportation systems, and manufacturing environments where SCTP may be used for signaling or control communications. Security teams responsible for industrial control system asset management and vulnerability remediation programs.
Technical summary
The vulnerability resides in the sctp_sf_ootb() function within the Linux kernel's SCTP implementation. The function handles out-of-the-blue (OOTB) SCTP packets—packets received without an established association. Insufficient validation of chunk length fields could result in out-of-bounds memory access when processing malformed SCTP chunks. The SCTP protocol is used in telecommunications and industrial applications for reliable message transport. The fix implements proper bounds checking on chunk size parameters before processing. Affected Siemens products incorporate the vulnerable kernel component in their firmware. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector with high availability impact, suggesting potential for denial-of-service conditions.
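To illustrate the class of check the summary describes, here is an added user-space example (not the kernel patch and not Siemens code) that walks a chunk list and rejects any chunk whose length field disagrees with the bytes actually received. The chunk header layout follows the SCTP specification (RFC 9260); the function name `sctp_walk_chunks` and the sample byte arrays are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_HDR_LEN 4u                    /* type(1) + flags(1) + length(2) */
#define PAD4(n) (((n) + 3u) & ~(size_t)3u)  /* chunks are padded to 4 bytes */

/* Constructed sample chunk lists (bytes after the 12-byte common header). */
static const uint8_t sample_ok[]      = {0x06, 0x00, 0x00, 0x04,   /* len 4 */
                                         0x09, 0x00, 0x00, 0x06,   /* len 6 */
                                         0xAA, 0xBB, 0x00, 0x00};  /* + 2 pad */
static const uint8_t sample_short[]   = {0x06, 0x00, 0x00, 0x02};  /* len < hdr */
static const uint8_t sample_overrun[] = {0x06, 0x00, 0x01, 0x00,   /* len 256 */
                                         0x00, 0x00, 0x00, 0x00};
static const uint8_t sample_trunc[]   = {0x06, 0x00};              /* half a hdr */

/* Returns the number of well-formed chunks in buf[0..len), or -1 as soon as
 * a length field is inconsistent with the data present. Every check happens
 * before the chunk body would be touched. */
int sctp_walk_chunks(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        size_t remaining = len - off;
        if (remaining < CHUNK_HDR_LEN)
            return -1;                      /* truncated chunk header */

        /* Big-endian length; counts the header but not the padding. */
        size_t clen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (clen < CHUNK_HDR_LEN)
            return -1;                      /* walker would stall or underflow */
        if (PAD4(clen) > remaining)
            return -1;                      /* claims bytes past end of packet */

        off += PAD4(clen);                  /* safe: bounded by remaining */
        count++;
    }
    return count;
}

int main(void)
{
    printf("ok=%d short=%d overrun=%d trunc=%d\n",
           sctp_walk_chunks(sample_ok, sizeof sample_ok),
           sctp_walk_chunks(sample_short, sizeof sample_short),
           sctp_walk_chunks(sample_overrun, sizeof sample_overrun),
           sctp_walk_chunks(sample_trunc, sizeof sample_trunc));
    return 0;
}
```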
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
- Implement network segmentation for industrial control systems to limit exposure of SCTP-enabled devices
- Monitor for anomalous SCTP traffic patterns that may indicate attempted exploitation
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
CVE published 2025-08-12. CISA ICS advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 referenced as authoritative source. Advisory modified 2026-02-25 with republication based on updated Siemens guidance. CVSS 5.5 (MEDIUM) with local attack vector, low attack complexity, low privileges required, no user interaction, and high availability impact.
Official resources
- CVE-2024-50299 CVE record (CVE.org)
- CVE-2024-50299 NVD detail (NVD)
- Source item URL (cisa_csaf)