PatchSiren

CVE-2024-53052 Siemens CVE debrief

CVE-2024-53052 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's io_uring subsystem that affects how O_DIRECT writes are handled. io_uring fails to check for the IOCB_NOWAIT flag when initiating O_DIRECT write operations. This omission can lead to a deadlock when a mount point is being frozen, as the write operation may block indefinitely waiting for I/O completion while the freeze operation holds necessary locks. The attack vector is local, attack complexity is low, and low privileges are required; availability impact is high, with no confidentiality or integrity impact. Siemens has identified this vulnerability as affecting multiple industrial networking products running SINEC OS, including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH family devices. The vendor has provided patches and recommends updating affected products to version 3.2 or later.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH family devices in critical infrastructure environments. Security teams responsible for OT/ICS asset management, system administrators maintaining industrial Ethernet networks, and compliance officers tracking CVE remediation in industrial control systems should prioritize this advisory.

Technical summary

The vulnerability exists in the io_uring/rw subsystem of the Linux kernel. When performing O_DIRECT writes through io_uring, the implementation fails to verify the presence of the IOCB_NOWAIT flag. This missing check allows write operations to proceed in a blocking manner even when the underlying mount point is being frozen. The resulting race condition can cause a deadlock: the freeze operation holds locks needed for I/O completion, while the pending write waits indefinitely for that completion. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reflects a local attack vector with high availability impact. Affected Siemens products incorporate vulnerable Linux kernel versions in their SINEC OS firmware.
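
The missing check described above, as a simplified userspace model (an added example, not kernel or Siemens code): a pthread rwlock stands in for the lock the freeze holds, and `MODEL_IOCB_NOWAIT`, `model_sb`, `start_write_unchecked`, `start_write_checked` and `submit` are hypothetical names. A one-second timeout stands in for a write that would otherwise sleep until the mount is thawed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <time.h>
/* Userspace model: names and values are constructed, not the kernel's. */
#define MODEL_IOCB_NOWAIT 0x1u                     /* stands in for IOCB_NOWAIT */
struct model_sb { pthread_rwlock_t freeze_lock; }; /* freezer takes it for write */

/* "Before": the flag is never consulted, so every write takes the blocking path.
 * A 1 s timeout (ETIMEDOUT, or EDEADLK on glibc) stands in for sleeping until thaw. */
static int start_write_unchecked(struct model_sb *sb, unsigned flags)
{
    struct timespec until;
    (void)flags;                                   /* the missing check */
    clock_gettime(CLOCK_REALTIME, &until);
    until.tv_sec += 1;
    return pthread_rwlock_timedrdlock(&sb->freeze_lock, &until) ? -ETIMEDOUT : 0;
}

/* "After": a non-blocking request only tries the lock and backs off with
 * -EAGAIN; requests that are allowed to sleep keep the blocking path. */
static int start_write_checked(struct model_sb *sb, unsigned flags)
{
    if (!(flags & MODEL_IOCB_NOWAIT))
        return start_write_unchecked(sb, flags);
    return pthread_rwlock_tryrdlock(&sb->freeze_lock) ? -EAGAIN : 0;
}

/* One write submission against a mount that is, or is not, being frozen. */
static int submit(int frozen, int checked, unsigned flags)
{
    struct model_sb sb;
    int ret;
    pthread_rwlock_init(&sb.freeze_lock, NULL);
    if (frozen) pthread_rwlock_wrlock(&sb.freeze_lock);    /* freeze in progress */
    ret = (checked ? start_write_checked : start_write_unchecked)(&sb, flags);
    if (ret == 0) pthread_rwlock_unlock(&sb.freeze_lock);  /* write finished */
    if (frozen) pthread_rwlock_unlock(&sb.freeze_lock);    /* thaw */
    pthread_rwlock_destroy(&sb.freeze_lock);
    return ret;
}

int main(void)
{
    printf("frozen + NOWAIT: unchecked=%d checked=%d\n",
           submit(1, 0, MODEL_IOCB_NOWAIT), submit(1, 1, MODEL_IOCB_NOWAIT));
    return 0;
}
```

In the model, the unchecked path reports the submitter as stuck while the freeze is in progress, whereas the checked path returns `-EAGAIN` immediately so the request can be retried later.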

Defensive priority

Medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to version 3.2 or later for affected Siemens RUGGEDCOM and SCALANCE devices as specified in Siemens ProductCERT advisory SSA-355557
  • Review and implement CISA ICS recommended practices for defense-in-depth strategies in industrial control system environments
  • Monitor for anomalous system behavior or unexpected I/O blocking on affected devices that may indicate exploitation attempts
  • Ensure proper network segmentation of industrial control systems to limit local attack vector accessibility
  • Consult Siemens support resources for specific configuration guidance regarding SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices where additional information is required

Evidence notes

Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with availability impact. Remediation guidance specifies vendor fix via update to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE families.
