PatchSiren

CVE-2024-53174 Siemens CVE debrief

CVE-2024-53174 is a use-after-free vulnerability in the Linux kernel's SUNRPC subsystem affecting Siemens industrial networking products. The flaw exists in the `c_show` function, which is called with RCU (Read-Copy-Update) protection. While RCU ensures that the cache pointer `cp` will not be freed during access, it does not prevent the reference count from dropping to zero. When `cache_get` is subsequently called, this triggers a refcount use-after-free warning, potentially leading to denial of service conditions.

The vulnerability has a CVSS 3.1 score of 5.5 (MEDIUM severity) with a local attack vector, low attack complexity, and low privileges required. No confidentiality or integrity impact is assessed, but availability impact is rated HIGH.

Siemens has addressed this issue in SINEC OS V3.2 and later versions for affected RUGGEDCOM and SCALANCE product families. CISA published advisory ICSA-25-226-07 on August 12, 2025, with subsequent updates through February 25, 2026, to clarify affected product configurations and incorporate vendor guidance. Organizations operating affected industrial control systems should apply vendor-provided updates and follow CISA's recommended practices for defense-in-depth strategies.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH series managed switches. System integrators and OT security teams responsible for maintaining SINEC OS-based deployments. Critical infrastructure operators in energy, manufacturing, and transportation sectors utilizing affected Siemens products for network segmentation and industrial communications.

Technical summary

The vulnerability resides in the Linux kernel's SUNRPC (Secure ONC RPC) implementation. The `c_show` function, used for displaying cache entries in procfs, operates under RCU read-side critical sections. RCU guarantees that the cache entry structure `cp` remains valid (not freed) during the critical section, but does not synchronize against concurrent reference count decrements. A race condition exists where another CPU or thread may drop the final reference to `cp` between the RCU dereference and the `cache_get` call that increments the reference count. When `cache_get` observes a zero refcount and attempts to increment it, the kernel's refcount debugging infrastructure triggers a use-after-free warning. This represents a local denial-of-service vector exploitable by unprivileged users with the ability to read SUNRPC procfs entries. The vulnerability is confined to local attack scenarios due to the procfs interface requirement.
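
The race described above, modeled in userspace C as an added example (not kernel code, and not taken from the advisory or the kernel patch). All names are hypothetical, the interleaving is replayed sequentially instead of with real threads, and the guarded get shown is a general remedy for this class of race, not a statement of how the kernel was fixed.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of a refcounted cache entry; all names are hypothetical. */
struct entry {
    atomic_int refs;  /* 0 means the last owner has already dropped it */
    int warned;       /* stands in for the kernel's refcount warning */
};

/* Drop one reference; returns true when this was the final one. */
static bool put(struct entry *e) { return atomic_fetch_sub(&e->refs, 1) == 1; }

/* Unconditional get: a 0 -> 1 increment is what the refcount check reports. */
static void get_unconditional(struct entry *e)
{
    if (atomic_fetch_add(&e->refs, 1) == 0)
        e->warned = 1;
}

/* Guarded get: take a reference only while the count is still non-zero. */
static bool get_unless_zero(struct entry *e)
{
    int old = atomic_load(&e->refs);
    while (old != 0)
        if (atomic_compare_exchange_weak(&e->refs, &old, old + 1))
            return true;
    return false;
}

/* Replay the interleaving in order: reader finds cp, another CPU drops the
 * final reference, reader then takes its own. Returns 1 if the warning hit. */
static int replay(bool guarded)
{
    struct entry e = { .refs = 1, .warned = 0 };
    struct entry *cp = &e;        /* memory stays valid, as under RCU */
    put(cp);                      /* concurrent final put: 1 -> 0 */
    if (!guarded)
        get_unconditional(cp);    /* 0 -> 1: warning condition */
    else if (get_unless_zero(cp))
        put(cp);                  /* not reached: count was already 0 */
    return cp->warned;
}

int main(void)
{
    printf("warned: unconditional=%d guarded=%d\n", replay(false), replay(true));
    return 0;
}
```

The memory behind `cp` is valid in both runs, which is the guarantee RCU gives; only the guarded variant also respects the entry's lifetime as tracked by its reference count.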

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided updates to SINEC OS V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE product families per Siemens ProductCERT guidance.
  • Review Siemens security advisory SSA-355557 for specific configuration guidance regarding SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family deployments.
  • Implement network segmentation and defense-in-depth strategies for industrial control systems per CISA recommended practices.
  • Monitor for anomalous behavior in SUNRPC-related services on affected systems pending patch deployment.
  • Validate patch applicability through Siemens Industry Online Support portal before deployment in production environments.

Evidence notes

Vulnerability description derived from CISA CSAF advisory ICSA-25-226-07 and Siemens ProductCERT SSA-355557. Affected products confirmed through CSAF product tree: RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. CVSS vector confirmed as CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C. Remediation guidance specifies update to V3.2 or later for applicable products.
