PatchSiren cyber security CVE debrief
CVE-2024-53066 Siemens CVE debrief
CVE-2024-53066 describes a KMSAN (Kernel Memory Sanitizer) warning in the Linux kernel's NFS client implementation, specifically within the decode_getfattr_attrs() function. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. The source advisory (ICSA-25-226-07) from CISA's CSAF repository indicates this issue affects Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The KMSAN warning suggests potential use of uninitialized memory in NFS attribute decoding, which could lead to information disclosure or undefined behavior. Siemens has addressed this through their ProductCERT advisory SSA-355557. The threat assessment in the source material categorizes the impact as 'Misinformed' for the affected product IDs. No CVSS score or severity rating is currently available in the source data.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices with NFS client functionality enabled. Industrial control system operators using SINEC OS-based infrastructure should prioritize review of vendor guidance.
Technical summary
The vulnerability manifests as a Kernel Memory Sanitizer (KMSAN) warning in the decode_getfattr_attrs() function of the Linux NFS client. KMSAN is a dynamic memory error detector for the Linux kernel that identifies uses of uninitialized memory. The warning indicates that the NFS attribute decoding path may access uninitialized memory during processing of NFS GETATTR responses. This affects Siemens industrial networking products running SINEC OS, which incorporates the vulnerable Linux kernel NFS subsystem. The 'Misinformed' threat categorization in the source advisory suggests the issue relates to incorrect or incomplete information handling rather than direct code execution.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for patch availability and deployment guidance
- Verify SINEC OS version on affected RUGGEDCOM and SCALANCE devices and apply vendor-provided updates
- Monitor NFS client configurations on affected industrial control systems for anomalous behavior
- Implement network segmentation to limit NFS exposure for affected devices until patching is complete
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
Source indicates KMSAN warning in decode_getfattr_attrs() function. Affected products identified through CSAF product tree: RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. Threat category marked as 'Misinformed' in source advisory. Revision history shows multiple updates through 2026-02-25, including removal of rejected CVEs and clarification of affected configurations.
Official resources
-
CVE-2024-53066 CVE record
CVE.org
-
CVE-2024-53066 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12