PatchSiren cyber security CVE debrief
CVE-2024-53145 Siemens CVE debrief
CVE-2024-53145 is a medium-severity integer overflow vulnerability in the Linux kernel's User-Mode Linux (UML) subsystem, specifically affecting the physical memory (physmem) setup process. The vulnerability occurs when the real map size exceeds LONG_MAX, which can be readily triggered on UML/i386 architectures. While this vulnerability originates in the Linux kernel, it affects Siemens industrial networking products that incorporate vulnerable kernel versions, including the RUGGEDCOM RST2428P and SCALANCE switch families (XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families). The CVSS 3.1 score of 4.4 reflects local attack vector, low attack complexity, high privileges required, and high availability impact with no confidentiality or integrity impact. The vulnerability was published on August 12, 2025, with the advisory last modified on February 25, 2026, following republication based on Siemens ProductCERT SSA-355557. Siemens has provided vendor fixes, recommending updates to version 3.2 or later for affected products.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family switches in industrial environments. System administrators managing UML/i386 deployments should also assess exposure. Critical infrastructure operators following CISA ICS guidance should prioritize vendor firmware updates.
Technical summary
This vulnerability exists in the User-Mode Linux (UML) subsystem of the Linux kernel during physical memory setup. An integer overflow can occur when the real map size exceeds LONG_MAX, a condition easily triggered on UML/i386 architectures. The vulnerability has been incorporated into Siemens industrial networking products. Successful exploitation could lead to denial of service conditions due to the high availability impact, though exploitation requires local access and high privileges. The attack surface is limited by the local attack vector and privilege requirements.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to version 3.2 or later for affected Siemens RUGGEDCOM RST2428P and SCALANCE switch families
- Review Siemens ProductCERT SSA-355557 for specific configuration guidance on SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family deployments
- Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
- Monitor CISA ICS advisories for additional updates to this vulnerability
- Verify kernel version in use on UML/i386 deployments and assess exposure to integer overflow conditions during physmem setup
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT SSA-355557. CVSS vector and remediation details extracted from source CSAF document. Timeline information derived from revision history showing initial publication 2025-08-12 and republication 2026-02-25.
Official resources
-
CVE-2024-53145 CVE record
CVE.org
-
CVE-2024-53145 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12