PatchSiren

CVE-2024-53146 Siemens CVE debrief

CVE-2024-53146 is an integer overflow vulnerability in the Linux kernel's NFS server (NFSD) implementation, specifically within the `decode_cb_compound4res()` function. The flaw occurs when processing NFSv4 callback compound responses: if a tag length value is greater than or equal to U32_MAX - 3, the subsequent arithmetic operation `length + 4` causes an integer overflow.

This vulnerability was published on August 12, 2025, and last modified on February 25, 2026. The issue affects Siemens industrial networking products that incorporate the vulnerable Linux kernel component, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. CISA published advisory ICSA-25-226-07 to track this vulnerability in Siemens products. The advisory has undergone multiple revisions, with the most recent update on February 25, 2026, reflecting changes to the affected product list and clarifications to product family configurations. Siemens has issued ProductCERT advisory SSA-355557 to address third-party component vulnerabilities in SINEC OS.

This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and no known ransomware campaign use has been documented. The vulnerability is classified with CWE-20 (Improper Input Validation).

  • Vendor: Siemens
  • Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
  • CVSS: Unknown
  • CISA KEV: Not listed in stored evidence
  • Original CVE published: 2025-08-12
  • Original CVE updated: 2026-02-25
  • Advisory published: 2025-08-12
  • Advisory updated: 2026-02-25

Who should care

  • System administrators and security teams managing Siemens industrial networking infrastructure, particularly those operating RUGGEDCOM RST2428P switches or SCALANCE XC/XR family devices in critical infrastructure environments. Organizations utilizing NFS services on SINEC OS-based systems should prioritize patch evaluation.
  • Industrial control system operators in sectors such as energy, manufacturing, and transportation that rely on Siemens networking equipment for operational technology networks.
  • Security practitioners responsible for vulnerability management programs in OT/ICS environments tracking third-party Linux kernel vulnerabilities affecting embedded industrial products.

Technical summary

CVE-2024-53146 is an integer overflow vulnerability in the Linux kernel's NFS server (NFSD) implementation. The flaw exists in the `decode_cb_compound4res()` function, which handles decoding of NFSv4 callback compound responses. When processing a tag length value that is greater than or equal to U32_MAX - 3, the arithmetic operation `length + 4` results in an integer overflow. The vulnerability is addressed by restructuring the decoding logic into multiple steps, eliminating the need to perform arithmetic on untrusted length values.

This vulnerability affects Siemens industrial networking products running SINEC OS that incorporate the vulnerable Linux kernel NFSD component. The affected products include the RUGGEDCOM RST2428P (6GK6242-6PA00) and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices.

CISA advisory ICSA-25-226-07 tracks this vulnerability, which was initially published on August 12, 2025, and most recently updated on February 25, 2026, to reflect corrections to the affected product list and configuration clarifications. The vulnerability is classified under CWE-20 (Improper Input Validation) and is not currently listed in CISA's Known Exploited Vulnerabilities catalog.
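
The `length + 4` wrap-around and the multi-step decode described in this summary, shown as an added example that is neither the kernel's nor Siemens' code. It is a simplified user-space model: `struct stream`, `take()`, `be32()`, `checked_before()` and `checked_after()` are hypothetical names, the sample bytes are constructed, and XDR padding of the tag is omitted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model with hypothetical names; not kernel code. */
struct stream { const uint8_t *p; size_t left; };

/* Hand out n bytes from the stream, or NULL when fewer than n remain. */
static const uint8_t *take(struct stream *s, uint32_t n)
{
    const uint8_t *q = s->p;
    if (n > s->left) return NULL;
    s->p += n; s->left -= n;
    return q;
}

static uint32_t be32(const uint8_t *b)
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}

/* Before: the tag and the 4-byte field after it are reserved in one call.
 * Returns how many bytes were actually bounds-checked, or -1 on rejection. */
static int64_t checked_before(struct stream *s)
{
    const uint8_t *q = take(s, 4);
    if (!q) return -1;
    uint32_t need = be32(q) + 4;      /* wraps to 0..3 when length >= U32_MAX - 3 */
    return take(s, need) ? (int64_t)need : -1;
}

/* After: each field is taken in its own step; length is only compared. */
static int64_t checked_after(struct stream *s)
{
    const uint8_t *q = take(s, 4);
    if (!q) return -1;
    uint32_t length = be32(q);
    if (!take(s, length)) return -1;  /* oversized tag is rejected here */
    return take(s, 4) ? (int64_t)length + 4 : -1;
}

/* Constructed sample: length field 0xFFFFFFFC (U32_MAX - 3), then 8 zero bytes. */
static const uint8_t sample[12] = { 0xFF, 0xFF, 0xFF, 0xFC };
int main(void)
{
    struct stream a = { sample, sizeof sample }, b = a;
    printf("before: %lld\nafter: %lld\n",
           (long long)checked_before(&a), (long long)checked_after(&b));
    return 0;
}
```

In the "before" path the oversized length passes the bounds check because only the wrapped sum is compared against the remaining bytes; the stepwise path compares the untrusted length directly and rejects it.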

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-355557 for detailed affected product configurations and patch availability
  • Verify SINEC OS and underlying Linux kernel versions on affected Siemens devices (RUGGEDCOM RST2428P, SCALANCE XC/XR families)
  • Apply vendor-provided firmware updates or patches addressing the NFSD integer overflow when available
  • Implement network segmentation to limit NFS server exposure in industrial control environments
  • Monitor for anomalous NFS callback traffic that may indicate exploitation attempts
  • Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control systems

Evidence notes

Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-07 and CVE.org record. Affected product information derived from Siemens ProductCERT SSA-355557 advisory as republished by CISA. Timeline information based on CVE published and modified dates (2025-08-12 and 2026-02-25 respectively). CWE classification from source references. Not a KEV-listed vulnerability per source enrichment data.
