PatchSiren cyber security CVE debrief
CVE-2024-53158 Siemens CVE debrief
CVE-2024-53158 is a medium-severity array underflow vulnerability in the Qualcomm GENI Serial Engine (geni-se) driver within the Linux kernel. The flaw exists in the geni_se_clk_tbl_get() function, where a loop condition intended to detect unchanged frequency values from clk_round_rate() is evaluated on the first iteration. This causes an out-of-bounds read before the start of the these->clk_perf_tbl[] array, potentially leading to information disclosure or system instability. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P and SCALANCE switch families, as this vulnerability affects third-party Linux kernel components used in SINEC OS. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H) indicates local attack vector with low attack complexity, requiring low privileges but no user interaction, with high availability impact. CISA and Siemens recommend updating affected devices to version 3.2 or later where available.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial Ethernet switches in critical infrastructure environments. System administrators responsible for OT/ICS network security and patch management should prioritize firmware updates where available.
Technical summary
The geni_se_clk_tbl_get() function in drivers/soc/qcom/geni-se.c contains a logic error where a loop termination check comparing current and previous frequency values from clk_round_rate() executes on the first iteration. With no valid previous value established, this causes an array index underflow when accessing these->clk_perf_tbl[-1]. The vulnerability requires local access with low privileges and can result in information disclosure (C:L) and high availability impact (A:H). Affected Siemens products incorporate vulnerable Linux kernel versions in SINEC OS firmware.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to version 3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- Review Siemens ProductCERT advisory SSA-355557 for specific configuration guidance regarding SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family affected products
- Implement network segmentation for industrial control systems to limit local attack vector exposure
- Follow CISA recommended practices for industrial control systems defense in depth
- Monitor CISA ICS advisories for additional updates to this vulnerability
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS vector and remediation details sourced from official CISA and Siemens documentation. The vulnerability affects Qualcomm GENI Serial Engine driver code in Linux kernel, impacting Siemens industrial networking products running SINEC OS.
Official resources
-
CVE-2024-53158 CVE record
CVE.org
-
CVE-2024-53158 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12