PatchSiren cyber security CVE debrief
CVE-2024-52533 Siemens CVE debrief
CVE-2024-52533 is a critical memory-corruption issue that Siemens and CISA republished for industrial networking products running SINEC OS firmware. The flaw is described as an off-by-one error in GNOME GLib before 2.82.1, where a SOCKS4 connection message length is not sufficient for a trailing NUL byte, resulting in a buffer overflow. For affected Siemens devices, the practical takeaway is to move to Siemens-recommended fixed firmware as soon as possible and treat exposure on industrial networks as urgent.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-28
- Original CVE updated: 2026-02-25
- Advisory published: 2026-01-28
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking products covered by the advisory, especially RUGGEDCOM RST2428P and the SCALANCE families listed in the CISA/Siemens references. OT and ICS operators, network engineers, and vulnerability management teams should prioritize this if the device is reachable from untrusted networks or used in critical control paths.
Technical summary
The source description says gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 contains an off-by-one error that can overflow a buffer because SOCKS4_CONN_MSG_LEN does not include room for a trailing '\0' character. CISA’s republication of Siemens advisory SSA-089022 lists multiple affected Siemens products and remediation to V3.3 or later for the impacted product entries. The advisory revision history also shows a later clarification that only SINEC OS firmware is impacted, which is important for scoping validation and patch planning.
Defensive priority
Critical. The supplied CVSS base score is 9.8 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, so this should be handled as an urgent patch-and-mitigate item for any exposed or business-critical deployment.
Recommended defensive actions
- Confirm whether any Siemens devices in scope are running the affected SINEC OS firmware versions referenced by the advisory.
- Apply Siemens remediation guidance and update to V3.3 or later where the advisory maps that fix to the affected product.
- Use the Siemens support advisory and CISA republication to validate the exact affected product/firmware combination before scheduling maintenance.
- Prioritize devices that are internet-reachable, reachable from less-trusted segments, or used in critical OT communication paths.
- If patching is delayed, apply compensating controls from ICS defense-in-depth guidance such as network segmentation and tight access control around management interfaces.
- Review asset inventories for all products named in the advisory, including RUGGEDCOM RST2428P and the listed SCALANCE families.
- Track the CISA/Siemens advisory revision history so scope changes or clarifications are reflected in remediation plans.
Evidence notes
The source corpus states that GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing NUL byte. The CISA CSAF item for ICSA-26-043-06 republishes Siemens advisory SSA-089022, lists the affected Siemens products, and includes remediation to update to V3.3 or later for the relevant product IDs. The revision history further notes a later clarification that only SINEC OS firmware is impacted. The CVSS vector supplied in the advisory is 9.8 with network attack, low complexity, no privileges, no user interaction, and high confidentiality/integrity/availability impact.
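The length bookkeeping described in the technical summary and evidence notes above, as a constructed C illustration added here (not GLib's code): the buffer sizes, the SOCKS4_MAX_LEN cap, and the function names are assumptions chosen to show why a SOCKS4a CONNECT request needs room for two NUL terminators, and how a size check before the copy prevents the one-byte overrun.

```c
/* Constructed illustration of the length bookkeeping behind CVE-2024-52533; not
 * GLib's code. Models a SOCKS4a CONNECT request laid out as
 * VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL HOSTNAME NUL. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SOCKS4_MAX_LEN    255   /* assumed cap on strlen(userid) + strlen(hostname) */
#define SOCKS4_HEADER_LEN 8     /* VN + CD + DSTPORT + DSTIP */
/* Hypothetical buffer sizes: the short one budgets one NUL for two strings. */
#define CONN_MSG_LEN_SHORT (SOCKS4_HEADER_LEN + SOCKS4_MAX_LEN + 1)
#define CONN_MSG_LEN_FIXED (SOCKS4_HEADER_LEN + SOCKS4_MAX_LEN + 2)

/* Bytes the request occupies for the given strings: two NULs, not one. */
size_t socks4a_connect_len(const char *userid, const char *hostname)
{
    return SOCKS4_HEADER_LEN + strlen(userid) + 1 + strlen(hostname) + 1;
}

/* Serialises the request into out[out_len]; returns bytes written, or 0 when it
 * would not fit. Checking before memcpy turns a one-byte overrun into a refusal. */
size_t socks4a_build_connect(uint16_t port, const char *userid,
                             const char *hostname, uint8_t *out, size_t out_len)
{
    size_t ulen = strlen(userid), hlen = strlen(hostname);
    if (ulen + hlen > SOCKS4_MAX_LEN || socks4a_connect_len(userid, hostname) > out_len)
        return 0;
    out[0] = 0x04;                                  /* VN: SOCKS version 4 */
    out[1] = 0x01;                                  /* CD: CONNECT */
    out[2] = (uint8_t)(port >> 8);
    out[3] = (uint8_t)(port & 0xff);
    out[4] = out[5] = out[6] = 0x00; out[7] = 0x01; /* DSTIP 0.0.0.1: SOCKS4a */
    memcpy(out + 8, userid, ulen + 1);              /* userid plus its NUL */
    memcpy(out + 8 + ulen + 1, hostname, hlen + 1); /* hostname plus its NUL */
    return SOCKS4_HEADER_LEN + ulen + 1 + hlen + 1;
}

/* Builds the largest request the cap allows (empty userid, 255-byte hostname)
 * into a buffer of buf_len bytes, capped at the fixed size. Returns bytes
 * written, or 0 when the bounds check refused the short buffer. */
size_t socks4a_worst_case_build(size_t buf_len)
{
    static uint8_t buf[CONN_MSG_LEN_FIXED];
    char host[SOCKS4_MAX_LEN + 1];                  /* constructed hostname */
    memset(host, 'a', SOCKS4_MAX_LEN);
    host[SOCKS4_MAX_LEN] = '\0';
    if (buf_len > sizeof buf) buf_len = sizeof buf;
    return socks4a_build_connect(443, "", host, buf, buf_len);
}
```

With the short size the worst-case request is refused rather than written one byte past the end; with the corrected size it fits exactly.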
Official resources
- CVE-2024-52533 CVE record (CVE.org)
- CVE-2024-52533 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the source advisory on 2026-01-28 and later updated it on 2026-02-25. Use those dates for disclosure timing and scope changes; do not infer the issue date from publication or update timestamps beyond the supplied advisory and