CVE-2024-53194 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE industrial Ethernet switches in critical infrastructure, manufacturing, or utility environments where USB4 dock hot-removal scenarios may occur. Security teams responsible for OT/ICS asset management and patch coordination should prioritize this update. System integrators deploying SINEC OS-based infrastructure should verify update status before commissioning.

Technical summary

The vulnerability exists in the Linux kernel's PCI subsystem where improper reference counting between pci_slot and pci_bus structures leads to a use-after-free condition. When a USB4 dock undergoes hot removal, the pci_slot may access freed pci_bus memory, resulting in system instability or denial of service. The fix ensures pci_slot properly acquires a reference to pci_bus before access. This affects Siemens industrial products built on affected kernel versions, specifically RUGGEDCOM RST2428P and SCALANCE switch families running SINEC OS. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local exploitation with low complexity, requiring low privileges, with availability impact as the primary concern.

Defensive priority

medium

Recommended defensive actions

• Apply vendor updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
• Review CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
• Monitor for additional vendor guidance on SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configurations
• Implement network segmentation to limit exposure of affected industrial Ethernet switches
• Validate USB4 dock hot-removal procedures to minimize trigger conditions pending patch deployment

Evidence notes

CVE published 2025-08-12; CISA advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 provides vendor fix details. Advisory modified 2026-02-25 with republication updates.

Official resources