PatchSiren cyber security CVE debrief
CVE-2024-53173 Siemens CVE debrief
A use-after-free vulnerability exists in the Linux kernel's NFSv4.0 client implementation. When two threads concurrently open files and are forced to abort before receiving a reply, the nfs_release_seqid() call in nfs4_opendata_free() can dereference a freed pointer to a defunct RPC task from the other thread. Exploitation requires local access with low privileges and has high attack complexity, and it can result in complete compromise of the confidentiality, integrity, and availability of the affected system.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment with NFSv4.0 client functionality, particularly in critical infrastructure environments, are affected. System administrators managing RUGGEDCOM and SCALANCE device deployments should prioritize patching. Security teams monitoring OT/ICS environments should also take note, since kernel-level vulnerabilities of this kind could enable privilege escalation or system compromise.
Technical summary
The vulnerability resides in the NFSv4.0 client implementation within the Linux kernel. The race condition occurs when nfs4_opendata_free() calls nfs_release_seqid() after a concurrent thread's RPC task has already been freed, so the call can dereference a pointer to that defunct task. The affected Siemens products (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family) incorporate vulnerable kernel versions. The CVSS 3.1 base score of 7.0 (HIGH) reflects the significant impact despite the local attack vector and high complexity requirements.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided updates to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT SSA-355557 for specific configuration guidance and update to V3.2 or later
- Implement network segmentation to limit NFSv4.0 traffic to trusted hosts only
- Monitor for abnormal NFS client behavior or unexpected kernel crashes on affected systems
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which was republished on 2026-02-25 based on Siemens ProductCERT SSA-355557. The advisory was initially published on 2025-08-12 and underwent three revisions before the final republication. The CVSS 3.1 vector (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a local attack vector with high complexity but severe impact if exploited.
Official resources
- CVE-2024-53173 CVE record (CVE.org)
- CVE-2024-53173 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12