PatchSiren cyber security CVE debrief
CVE-2024-50304 Siemens CVE debrief
A vulnerability in the Linux kernel's IPv4 IP tunnel implementation (ip_tunnel_find()) could allow a local attacker to cause a denial of service condition. The issue involves suspicious RCU (Read-Copy-Update) usage that may lead to system instability. Siemens has identified this vulnerability as affecting multiple industrial networking products running SINEC OS, including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH family devices. The vulnerability was disclosed in CISA advisory ICSA-25-226-07 on August 12, 2025, with subsequent updates through February 25, 2026, clarifying affected product configurations.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial environments. Security teams responsible for OT/ICS infrastructure, network administrators managing industrial Ethernet switches, and compliance officers tracking CVE remediation for critical infrastructure assets.
Technical summary
The vulnerability exists in the ip_tunnel_find() function within the Linux kernel's IPv4 tunneling subsystem. Improper RCU synchronization primitives usage creates a race condition that can be triggered by a local attacker with low privileges, resulting in system warnings and potential denial of service. The attack requires local access (AV:L) with low attack complexity (AC:L) and low privileges (PR:L), with no user interaction needed. The vulnerability has no impact on confidentiality or integrity, but high availability impact (A:H). Siemens products incorporating the vulnerable kernel component are affected, specifically industrial Ethernet switches running SINEC OS.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products where applicable
- Review Siemens SSA-355557 advisory for specific configuration guidance on SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices
- Implement network segmentation for industrial control systems to limit local attack vector exposure
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor Siemens ProductCERT channels for additional remediation updates
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-07. Affected products confirmed through Siemens ProductCERT SSA-355557. CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. Remediation guidance specifies update to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family requires vendor-specific configuration guidance per Section Additional Information.
Official resources
-
CVE-2024-50304 CVE record
CVE.org
-
CVE-2024-50304 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12