PatchSiren cyber security CVE debrief
CVE-2024-53217 Siemens CVE debrief
CVE-2024-53217 is a NULL pointer dereference in the Linux kernel's NFS server (NFSD), in the nfsd4_process_cb_update() function on the NFSv4 backchannel (callback) path. Per the upstream fix description, the session pointer is initialised to NULL and, when __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() dereferences it; the fix was merged into the upstream Linux kernel. Siemens has assessed this CVE as 'Misinformed' for the listed product lines (RUGGEDCOM RST2428P, the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family), meaning the vulnerability does not affect those products despite their initial inclusion in the advisory. The advisory was published on August 12, 2025 and revised through February 25, 2026; the revisions removed several rejected CVEs and clarified the affected product configurations. No CVSS score or severity rating is recorded in the stored evidence. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and no use in ransomware campaigns has been reported.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations running Linux-based NFS servers that serve NFSv4 should verify that their kernel carries the fix; the affected function sits on the NFSv4 callback path, so servers exporting only NFSv3 do not exercise it. Organizations deploying Siemens RUGGEDCOM RST2428P or SCALANCE XC/XR/XCM/XRM/XCH/XRH series industrial Ethernet switches should note the vendor's assessment that this CVE does not impact these products, but should watch for future advisory revisions.
Technical summary
The vulnerability exists in the nfsd4_process_cb_update() function of the Linux kernel's NFS server (NFSD), which handles NFSv4 callback (backchannel) updates, the channel the server uses to notify clients, for example for delegation recalls. Per the upstream fix description, the session pointer is initialised to NULL; if __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() dereferences that NULL pointer. In kernel code a NULL dereference manifests as an oops, so the practical impact is a crash of the NFS server rather than code execution. The issue has been resolved upstream. The Siemens products listed in the advisory incorporate Linux kernel components but have been assessed by the vendor as not vulnerable to this specific issue ('Misinformed' impact classification).
Defensive priority
low
Recommended defensive actions
- Verify that Linux kernel-based systems running NFSD, in particular those serving NFSv4, run a kernel containing the fix for the nfsd4_process_cb_update() NULL dereference; on distribution kernels check the vendor's security advisory or changelog, since the fix is usually backported without changing the upstream version string
- For the Siemens industrial networking products listed in this advisory, no action is required based on the vendor's 'Misinformed' impact assessment
- Review Siemens ProductCERT advisory SSA-355557 for any subsequent clarifications or updates to the impact assessment
- Apply standard defense-in-depth practices for industrial control systems as recommended by CISA
- Monitor CISA ICS advisories for any future revisions to this assessment
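The patch-status check above is easy to get wrong on a busy host, so the following triage helper is added here as an example; it is not part of the advisory, of Siemens' guidance or of the kernel sources. It decides whether a host is even on the affected code path (nfsd loaded and at least one NFSv4 version served, read from /proc/fs/nfsd/versions) and only then compares the running kernel against a minimum fixed upstream version that the operator supplies from the CVE record for their kernel series (an assumption: the script hard-codes no version). The function and file names are the example's own.

```shell
#!/bin/sh
# Added triage helper for CVE-2024-53217 (example code, not from the advisory).
# Exposure requires an NFSv4 server; nfsd4_process_cb_update() runs on the
# NFSv4 backchannel path, so a v3-only export never reaches it.

# $1 = contents of /proc/fs/nfsd/versions, e.g. "-2 +3 +4 +4.1 +4.2".
# Returns 0 if any NFSv4 minor version is enabled (+4, +4.1, +4.2, ...).
nfsd_v4_enabled() {
    for tok in $1; do
        case "$tok" in
            +4|+4.[0-9]*) return 0 ;;
        esac
    done
    return 1
}

# $1 = running kernel version (uname -r style; "-amd64" and similar suffixes
# are stripped), $2 = minimum fixed upstream version. Returns 0 if $1 >= $2,
# comparing major.minor.patch numerically; a missing field counts as 0.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | awk -F. -v f="$i" '{ print $f + 0 }')
        y=$(printf '%s\n' "$b" | awk -F. -v f="$i" '{ print $f + 0 }')
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# $1 = minimum fixed upstream version for the kernel series in use (operator
# supplies it from the CVE record; assumption, not hard-coded here).
# Exit status: 0 not exposed or fixed, 2 needs verification, 1 undetermined.
# Distribution kernels usually carry the fix as a backport without bumping the
# upstream version, so status 2 means "check the distro advisory", not
# "confirmed vulnerable".
check_host() {
    if [ ! -d /sys/module/nfsd ] && ! grep -q '^nfsd ' /proc/modules 2>/dev/null; then
        echo "nfsd not loaded: not exposed"
        return 0
    fi
    if [ ! -r /proc/fs/nfsd/versions ]; then
        echo "nfsd present but /proc/fs/nfsd not mounted: served versions unknown"
        return 1
    fi
    if ! nfsd_v4_enabled "$(cat /proc/fs/nfsd/versions)"; then
        echo "NFSv4 disabled: callback path not reachable"
        return 0
    fi
    running=$(uname -r)
    if version_ge "$running" "$1"; then
        echo "NFSv4 served, kernel $running >= $1: fix present upstream"
        return 0
    fi
    echo "NFSv4 served, kernel $running < $1: confirm a backport or patch"
    return 2
}

# Usage: sh nfsd_cb_triage.sh <min-fixed-upstream-version>
if [ -n "${1:-}" ]; then
    check_host "$1"
fi
```

Run it with the fixed version for your kernel series as the only argument and act on a status of 2 by checking the distribution's advisory; the version comparison is deliberately the last test, since most hosts drop out earlier as not serving NFSv4 at all.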
Evidence notes
The source advisory (ICSA-25-226-07) explicitly categorizes this CVE's impact as 'Misinformed' for all listed product IDs (CSAFPID-0006, CSAFPID-0002, CSAFPID-0003). The advisory underwent four revision cycles; the February 25, 2026 update republished it based on Siemens ProductCERT SSA-355557. The February 24, 2026 revision removed multiple CVEs as 'rejected CVEs', while CVE-2024-53217 was retained with the 'Misinformed' classification.
Official resources
- CVE-2024-53217 CVE record (CVE.org)
- CVE-2024-53217 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12