PatchSiren cyber security CVE debrief
CVE-2024-53057 Siemens CVE debrief
CVE-2024-53057 is a vulnerability in the Linux kernel's network scheduler (net/sched) subsystem. The issue involves improper handling in the qdisc_tree_reduce_backlog function, which fails to stop processing at TC_H_ROOT as intended. This flaw can lead to use-after-free conditions in the kernel's traffic control queue discipline implementation. The vulnerability has a CVSS 3.1 score of 5.5 (MEDIUM severity) with a local attack vector, low attack complexity, and low privileges required. The impact is limited to availability (high), with no confidentiality or integrity impact. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P switches and the SCALANCE XC/XR/XCM/XRM/XCH/XRH families running SINEC OS. The vulnerability was initially published on August 12, 2025, with subsequent advisory updates through February 25, 2026, including corrections to affected product lists and clarification of configurations.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC/XR/XCM/XRM/XCH/XRH industrial Ethernet switches in critical infrastructure, manufacturing, and utility environments. System administrators responsible for OT/ICS network security and availability. Security teams managing industrial control system patch programs. Network engineers configuring traffic control policies on affected platforms.
Technical summary
The vulnerability exists in the Linux kernel's network scheduler subsystem, specifically in the qdisc_tree_reduce_backlog function. The function fails to properly terminate its backlog reduction operation when reaching TC_H_ROOT (the root queue discipline handle), potentially leading to use-after-free memory corruption. This affects the kernel's traffic control infrastructure used for network quality-of-service management. The flaw requires local access with low privileges to exploit, resulting in denial-of-service conditions. Siemens industrial networking products running SINEC OS incorporate the vulnerable kernel code and are affected across multiple switch families.
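As an added illustration that is not part of the advisory or the kernel source, the constructed C model below contrasts the two stop conditions behind the summary: the pre-fix walk treats any parent whose major handle is ffff: as the root/ingress boundary and bails out, while the fixed walk stops only at the exact TC_H_ROOT handle. The characterisation of the pre-fix check follows the upstream fix description rather than this page, and the qdisc layout, handles and counters are constructed.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed userspace model of the parent walk in qdisc_tree_reduce_backlog;
 * the structs are simplified stand-ins, only the handle arithmetic is modelled. */
#define TC_H_ROOT    0xFFFFFFFFU
#define TC_H_MAJ(h)  ((h) & 0xFFFF0000U)

struct qdisc {
    uint32_t handle;      /* "maj:min" handle, e.g. 0x00010000 for "1:" */
    uint32_t parent;      /* classid it is attached to; TC_H_ROOT at the root */
    unsigned int backlog; /* queued bytes, reduced as the walk passes */
};

/* Like qdisc_lookup(): find the qdisc whose major handle matches. */
static struct qdisc *lookup(struct qdisc *q, size_t n, uint32_t maj)
{
    for (size_t i = 0; i < n; i++)
        if (TC_H_MAJ(q[i].handle) == maj)
            return &q[i];
    return NULL;
}

/* Walk from sch towards the root, adjusting every ancestor.  fixed == 0 bails
 * out on any parent with major ffff:, treating it as the root/ingress boundary
 * (the pre-fix check, as described upstream); fixed == 1 stops only on the exact
 * TC_H_ROOT handle, so a user-created egress qdisc "ffff:" is still visited. */
static int reduce_backlog(struct qdisc *q, size_t n, struct qdisc *sch,
                          unsigned int len, int fixed)
{
    int visited = 0;
    uint32_t parentid;
    while ((parentid = sch->parent) != 0) {
        if (fixed ? parentid == TC_H_ROOT : TC_H_MAJ(parentid) == TC_H_MAJ(TC_H_ROOT))
            break;
        if (!(sch = lookup(q, n, TC_H_MAJ(parentid))))
            break;
        sch->backlog -= len;
        visited++;
    }
    return visited;
}

/* Scenario: "ffff:" is an ordinary egress qdisc under root "1:" and "2:" hangs
 * below it.  A walk from "2:" reaches 2 ancestors with the fixed check but 0
 * when ffff: is mistaken for the root, so ffff: never learns that 2: drained. */
int ancestors_reached(int fixed)
{
    struct qdisc q[] = {
        { 0x00010000U, TC_H_ROOT,   10 },  /* root "1:"                */
        { 0xFFFF0000U, 0x00010001U, 10 },  /* egress "ffff:" under 1:1 */
        { 0x00020000U, 0xFFFF0001U, 10 },  /* child "2:" under ffff:1  */
    };
    return reduce_backlog(q, 3, &q[2], 1, fixed);
}
```

In the kernel the skipped notification is what leaves a queue discipline's class bookkeeping stale, which is the precondition for the use-after-free the summary describes; a regression test for the fix would check exactly this visit count.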
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens guidance
- Review SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configurations against Siemens additional information for specific remediation steps
- Implement network segmentation for industrial control systems to limit local access vectors
- Monitor Siemens ProductCERT advisory SSA-355557 for additional product-specific guidance
- Apply defense-in-depth strategies for industrial control systems environments
Evidence notes
The vulnerability description indicates a resolved Linux kernel issue in net/sched where qdisc_tree_reduce_backlog fails to properly stop at TC_H_ROOT. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack requirements with high availability impact. Siemens CSAF data identifies three affected product families with specific remediation paths. The advisory revision history shows multiple updates correcting product scope and removing rejected CVEs.
Official resources
- CVE-2024-53057 CVE record (CVE.org)
- CVE-2024-53057 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12