PatchSiren cyber security CVE debrief
CVE-2024-53226 Siemens CVE debrief
CVE-2024-53226 is a NULL pointer dereference vulnerability in the RDMA/hns driver, specifically within the hns_roce_map_mr_sg() function. The issue arises because ib_map_mr_sg() permits upper layer protocols to pass NULL as the sg_offset argument, and the driver fails to validate this before dereferencing. This vulnerability affects Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and multiple SCALANCE switch families. The CVSS 3.1 score of 5.5 (MEDIUM) reflects local attack vector, low attack complexity, and low privileges required, with high availability impact but no confidentiality or integrity impact. The vulnerability was published on August 12, 2025, with the advisory last modified on February 25, 2026. Siemens has provided vendor fixes, with updates to V3.2 or later versions recommended for affected products.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial control system environments. System administrators responsible for OT network infrastructure and security teams managing patch deployment for critical manufacturing or utility networks should prioritize assessment based on local access risk and availability requirements.
Technical summary
The vulnerability exists in the hns_roce_map_mr_sg() function of the RDMA/hns driver, which fails to check for NULL before dereferencing the sg_offset argument passed by ib_map_mr_sg(). Upper layer protocols can legitimately specify NULL for this parameter, creating a denial-of-service condition through local exploitation. The affected code path is in the memory registration handling for RDMA operations on Huawei RoCE (RDMA over Converged Ethernet) hardware integrated into Siemens industrial networking platforms.
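The optional-pointer contract described above, as a user-space C model added here. It is not the kernel driver's code or the upstream fix; every name (model_mr, model_do_map, model_map_unchecked, model_map_checked, MODEL_PAGE_SIZE) and the page-counting logic are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096u /* constructed value for the model */

/* Hypothetical stand-in for a memory region being mapped. */
struct model_mr {
    unsigned int npages;
    unsigned int max_pages;
};

/* Shared mapping step: one page per scatterlist entry, starting `offset`
 * bytes into the first entry. Returns entries mapped or a negative errno. */
static int model_do_map(struct model_mr *mr, int sg_nents, unsigned int offset)
{
    if (!mr || sg_nents < 1 || offset >= MODEL_PAGE_SIZE)
        return -EINVAL;
    if ((unsigned int)sg_nents > mr->max_pages)
        return -ENOMEM;
    mr->npages = (unsigned int)sg_nents;
    return sg_nents;
}

/* Unchecked shape: dereferences sg_offset unconditionally, so a caller that
 * passes NULL (which the contract allows) faults here. Shown for contrast
 * only; nothing in this example calls it. */
int model_map_unchecked(struct model_mr *mr, int sg_nents, unsigned int *sg_offset)
{
    return model_do_map(mr, sg_nents, *sg_offset);
}

/* Checked shape: resolve the optional pointer once, then use the local copy. */
int model_map_checked(struct model_mr *mr, int sg_nents, unsigned int *sg_offset)
{
    unsigned int offset = sg_offset ? *sg_offset : 0; /* NULL is treated as 0 */
    return model_do_map(mr, sg_nents, offset);
}

int main(void)
{
    struct model_mr mr = { 0, 8 };
    printf("NULL offset -> %d\n", model_map_checked(&mr, 4, NULL));
    return 0;
}
```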
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products as specified in Siemens advisory
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family deployments, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
- Implement network segmentation for industrial control systems to limit local attack vector exposure
- Monitor for anomalous local access attempts on affected devices pending patch deployment
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack with availability impact only. Remediation guidance specifies V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 families; SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family requires vendor consultation per advisory details.
Official resources
- CVE-2024-53226 CVE record (CVE.org)
- CVE-2024-53226 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12