PatchSiren cyber security CVE debrief

CVE-2024-50602 Siemens CVE debrief

CVE-2024-50602 is a medium-severity vulnerability (CVSS 5.5) in libexpat before version 2.6.4, where the XML_ResumeParser function can crash when XML_StopParser is called to stop or suspend a parser that has not yet been started. This issue was published on August 12, 2025, and last modified on February 25, 2026. The vulnerability affects Siemens industrial networking products including the RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. Siemens has issued vendor fixes, with updates to version 3.2 or later recommended for affected products. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens SCALANCE and RUGGEDCOM industrial networking infrastructure, particularly those in critical infrastructure sectors relying on these devices for network segmentation and connectivity in industrial control system environments.

Technical summary

The vulnerability exists in libexpat versions prior to 2.6.4, specifically within the XML_ResumeParser function. The crash occurs when XML_StopParser is invoked to stop or suspend a parser instance that has not been started, resulting in a denial-of-service condition. The CVSS 3.1 score of 5.5 (MEDIUM) reflects a local attack vector with low attack complexity, no privileges required, but requiring user interaction. The confidentiality and integrity impacts are none, with high availability impact. Affected Siemens products include industrial Ethernet switches and routers used in operational technology environments.

Defensive priority

Medium

Recommended defensive actions

  • Update affected Siemens products to version 3.2 or later as specified in vendor advisories
  • Review Siemens ProductCERT advisory SSA-355557 for specific product configuration guidance
  • Apply defense-in-depth practices for industrial control systems per CISA recommendations
  • Monitor for additional vendor updates regarding the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configuration clarifications

Evidence notes

The vulnerability description and affected products are derived from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H indicates a local attack vector requiring user interaction, with high availability impact.
