PatchSiren

CVE-2024-53165 Siemens CVE debrief

A use-after-free vulnerability exists in the Linux kernel's SuperH (sh) architecture interrupt controller (intc) subsystem. The flaw occurs in register_intc_controller() where a data structure is added to a global list before initialization completes; if an error occurs during setup, the structure is freed while still referenced in intc_list, leading to memory corruption. This vulnerability affects Siemens industrial networking products running SINEC OS, including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH families. The CVSS 3.1 score of 7.8 (HIGH) reflects local attack vector with low complexity, requiring low privileges but enabling high impact on confidentiality, integrity, and availability. The vulnerability was disclosed publicly on 2025-08-12 and last modified on 2026-02-25. Siemens has released patches—update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to V3.2 or later; consult Siemens ProductCERT advisory SSA-355557 for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family remediation guidance.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH industrial Ethernet switches in critical infrastructure, manufacturing, or utility environments. System administrators responsible for firmware lifecycle management of industrial networking equipment. Security teams monitoring OT/ICS environments for kernel-level vulnerabilities that could enable local privilege escalation or system instability.

Technical summary

The vulnerability exists in the register_intc_controller() function in arch/sh/kernel/cpu/irq/intc.c of the Linux kernel. The function adds a newly allocated 'd' structure to the global intc_list before completing all initialization steps. If any subsequent operation fails, the error handling path frees 'd' without removing it from the list, creating a use-after-free condition. Subsequent access to intc_list could dereference freed memory, potentially leading to kernel panic, information disclosure, or privilege escalation. The fix restructures the code to only add 'd' to intc_list after all initialization succeeds.
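
The ordering problem described above, reduced to a userspace model. This is an added example, not the kernel's code or Siemens' patch: the names ctrl, pool, model_list, register_buggy, register_fixed and stale_entries are hypothetical, and "freeing" only clears a flag so that stale list entries can be counted safely.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: release clears `live` instead of calling free(),
 * so a list entry that outlives its object can be detected without UB. */
struct ctrl { int live; struct ctrl *next; };

static struct ctrl pool[8];        /* stands in for the allocator */
static size_t pool_used;
static struct ctrl *model_list;    /* stands in for the global intc_list */

static struct ctrl *ctrl_alloc(void) {
    if (pool_used >= sizeof pool / sizeof pool[0]) return NULL;
    struct ctrl *d = &pool[pool_used++];
    d->live = 1;
    d->next = NULL;
    return d;
}
static void ctrl_free(struct ctrl *d) { d->live = 0; }
static void model_list_add(struct ctrl *d) { d->next = model_list; model_list = d; }

/* Flawed ordering: d is published on the list before setup has finished. */
int register_buggy(int setup_fails) {
    struct ctrl *d = ctrl_alloc();
    if (!d) return -1;
    model_list_add(d);
    if (setup_fails) { ctrl_free(d); return -1; }  /* d is still linked */
    return 0;
}

/* Fixed ordering: d is published only after every setup step succeeded. */
int register_fixed(int setup_fails) {
    struct ctrl *d = ctrl_alloc();
    if (!d) return -1;
    if (setup_fails) { ctrl_free(d); return -1; }  /* d was never linked */
    model_list_add(d);
    return 0;
}

/* Number of list entries that refer to an already released object. */
int stale_entries(void) {
    int n = 0;
    for (struct ctrl *d = model_list; d; d = d->next)
        if (!d->live) n++;
    return n;
}

void reset_model(void) { model_list = NULL; pool_used = 0; }

int main(void) {
    reset_model(); register_buggy(1); printf("buggy: %d stale\n", stale_entries());
    reset_model(); register_fixed(1); printf("fixed: %d stale\n", stale_entries());
    return 0;
}
```

In the kernel the released object is returned to the allocator, so any later walk of the list reads memory that may have been reused.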

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor-provided firmware updates: update RUGGEDCOM RST2428P (6GK6242-6PA00) to V3.2 or later
  • Apply vendor-provided firmware updates: update SCALANCE XCM-/XRM-/XCH-/XRH-300 family to V3.2 or later
  • Consult Siemens ProductCERT advisory SSA-355557 for specific remediation steps for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices
  • Verify current firmware version on affected Siemens industrial networking equipment
  • Implement network segmentation for industrial control systems per CISA recommended practices
  • Monitor for anomalous behavior on affected devices pending patch deployment

Evidence notes

Vulnerability description and affected products confirmed via CISA ICS advisory ICSA-25-226-07, which references Siemens ProductCERT CSAF advisory SSA-355557. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H sourced from CISA CSAF data. Remediation guidance extracted from CSAF remediations section: RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family require V3.2 or later; SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family has vendor_fix with reference to additional information.
