PatchSiren cyber security CVE debrief
CVE-2024-52332 Siemens CVE debrief
A vulnerability in the Linux kernel's igb (Intel Gigabit Ethernet) driver could allow invalid memory access when the driver fails to initialize. The issue occurs because the dca_notifier (Direct Cache Access notifier) is not unregistered if pci_register_driver() fails during module initialization. This can lead to use-after-free or invalid memory access when the notifier is subsequently called. The vulnerability has a CVSS 3.1 score of 5.5 (MEDIUM) with a local attack vector requiring low privileges. Siemens has identified affected products in their industrial networking equipment lines and provided vendor fixes.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Siemens industrial networking equipment including RUGGEDCOM RST2428P and SCALANCE switch families that incorporate the affected Linux kernel igb driver. System administrators of industrial control systems and operational technology networks should prioritize patching to prevent potential denial of service conditions that could impact network availability.
Technical summary
The igb_init_module() function in the Linux kernel's Intel Gigabit Ethernet (igb) driver fails to unregister the dca_notifier when pci_register_driver() fails. This leaves a dangling notifier registration that can be invoked after driver resources have been freed or are in an invalid state, resulting in invalid memory access. The vulnerability is triggered during driver initialization failure conditions and requires local access to the system. The primary impact is denial of service (availability) through system instability or crash.
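The init-path ordering the summary describes, shown as an added illustration written for this debrief rather than code taken from the Linux kernel igb driver or from Siemens. A small array-backed notifier chain stands in for the kernel's DCA chain (the real driver calls dca_register_notify()/dca_unregister_notify()), fake_pci_register_driver() is forced to fail, and an `alive` flag on the module state turns the stale reference into a detectable error instead of an actual invalid memory read. All function and struct names below are constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_NOTIFIERS 4

typedef int (*notifier_fn)(void *ctx, unsigned long event);

/* Constructed stand-in for a kernel notifier chain. */
struct notifier_entry { notifier_fn fn; void *ctx; };
struct notifier_chain { struct notifier_entry e[MAX_NOTIFIERS]; int count; };

static struct notifier_chain dca_chain;

static int chain_register(struct notifier_chain *c, notifier_fn fn, void *ctx)
{
    if (c->count >= MAX_NOTIFIERS)
        return -ENOMEM;
    c->e[c->count].fn = fn;
    c->e[c->count].ctx = ctx;
    c->count++;
    return 0;
}

static int chain_unregister(struct notifier_chain *c, notifier_fn fn)
{
    for (int i = 0; i < c->count; i++) {
        if (c->e[i].fn == fn) {
            memmove(&c->e[i], &c->e[i + 1], (c->count - i - 1) * sizeof c->e[0]);
            c->count--;
            return 0;
        }
    }
    return -ENOENT;
}

/* Deliver an event to every registered callback; report the first failure. */
static int chain_call(struct notifier_chain *c, unsigned long event)
{
    for (int i = 0; i < c->count; i++) {
        int rc = c->e[i].fn(c->e[i].ctx, event);
        if (rc)
            return rc;
    }
    return 0;
}

/* Module state the notifier dereferences. In the real bug that memory is no
 * longer valid once module init has failed; the flag makes this detectable. */
struct module_state { int alive; };
static struct module_state igb_state;

static int dca_notify(void *ctx, unsigned long event)
{
    struct module_state *s = ctx;
    (void)event;
    return s->alive ? 0 : -EFAULT;   /* stale registration: invalid access */
}

/* Constructed: pci_register_driver() forced to fail when 'fail' is set. */
static int fake_pci_register_driver(int fail)
{
    return fail ? -ENODEV : 0;
}

/* Unfixed ordering: notifier registered, driver registration fails, function
 * returns with the notifier still on the chain. */
int igb_init_unfixed(int driver_fails)
{
    igb_state.alive = 1;
    chain_register(&dca_chain, dca_notify, &igb_state);
    int ret = fake_pci_register_driver(driver_fails);
    if (ret)
        igb_state.alive = 0;   /* module memory released, notifier left dangling */
    return ret;
}

/* Fixed ordering: undo the notifier registration on the failure path. */
int igb_init_fixed(int driver_fails)
{
    igb_state.alive = 1;
    chain_register(&dca_chain, dca_notify, &igb_state);
    int ret = fake_pci_register_driver(driver_fails);
    if (ret) {
        chain_unregister(&dca_chain, dca_notify);
        igb_state.alive = 0;
    }
    return ret;
}

/* Run one init variant with a failing driver registration, then fire the
 * chain the way a later DCA event would. Returns the chain result. */
int dca_event_after_failed_init(int use_fixed)
{
    memset(&dca_chain, 0, sizeof dca_chain);
    if (use_fixed) igb_init_fixed(1); else igb_init_unfixed(1);
    return chain_call(&dca_chain, 1);
}

/* Same setup, reporting how many callbacks remain registered. */
int notifiers_left_after_failed_init(int use_fixed)
{
    memset(&dca_chain, 0, sizeof dca_chain);
    if (use_fixed) igb_init_fixed(1); else igb_init_unfixed(1);
    return dca_chain.count;
}

int main(void)
{
    printf("unfixed: %d notifier(s) left, event result %d\n",
           notifiers_left_after_failed_init(0), dca_event_after_failed_init(0));
    printf("fixed:   %d notifier(s) left, event result %d\n",
           notifiers_left_after_failed_init(1), dca_event_after_failed_init(1));
    return 0;
}
```

The defensive point is the general one for kernel-style init paths: every registration done before a call that can fail needs a matching unregistration on that call's error path, in reverse order, before returning the error.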
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to V3.2 or later for affected Siemens RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices per vendor guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration and patch guidance
- Implement defense-in-depth strategies for industrial control systems including network segmentation and access controls
- Monitor for anomalous system behavior or crashes that could indicate exploitation attempts
- Review and apply CISA ICS recommended practices for securing industrial control systems
Evidence notes
CVE published 2025-08-12 per official CVE record. CISA ICS advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 referenced as authoritative vendor source. Advisory modified 2026-02-25 with republication based on updated Siemens guidance. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack, low complexity, low privileges required, no user interaction, with high availability impact.
Official resources
- CVE-2024-52332 CVE record (CVE.org)
- CVE-2024-52332 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12