PatchSiren cyber security CVE debrief
CVE-2024-53063 Siemens CVE debrief
CVE-2024-53063 describes a risk of out-of-memory access in the Linux kernel's media subsystem, specifically within the dvbdev component. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens ProductCERT issued advisory SSA-355557 addressing this CVE, which CISA subsequently republished as ICSA-25-226-07 on 2025-08-12 with updates through 2026-02-25. The advisory covers Siemens industrial networking products including RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. Notably, the CISA advisory marks the impact as 'Misinformed' for the affected product IDs, indicating potential clarification or correction of earlier severity assessments. The revision history shows significant updates in February 2026, including removal of multiple rejected CVEs and clarification of affected product configurations. No CVSS score is currently assigned in the source data.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those with SCALANCE X-family switches or RUGGEDCOM devices in critical infrastructure environments. Security teams responsible for OT/ICS asset management and vulnerability tracking should prioritize review of vendor guidance given the advisory's 'Misinformed' impact classification and ongoing revisions.
Technical summary
CVE-2024-53063 is an out-of-memory access vulnerability in the Linux kernel's media subsystem dvbdev component. The vulnerability affects Siemens industrial networking products running SINEC OS, including RUGGEDCOM RST2428P and SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families). CISA advisory ICSA-25-226-07, republished from Siemens SSA-355557, marks the impact as 'Misinformed,' suggesting corrected or clarified severity assessment. The advisory underwent multiple revisions through February 2026 to refine affected product listings and remove rejected CVEs. No CVSS score is currently available.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance
- Verify SINEC OS and firmware versions on affected SCALANCE and RUGGEDCOM devices
- Apply vendor-provided patches or updates as specified in Siemens security advisory
- Monitor CISA ICS advisories for additional updates to ICSA-25-226-07
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
Primary source is CISA CSAF advisory ICSA-25-226-07, republished from Siemens ProductCERT SSA-355557. Impact marked as 'Misinformed' in threat data. Multiple revision cycles indicate ongoing clarification of affected products.
Official resources
- CVE-2024-53063 CVE record (CVE.org)
- CVE-2024-53063 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12