PatchSiren cyber security CVE debrief
CVE-2024-53239 Siemens CVE debrief
CVE-2024-53239 is a use-after-free (UAF) vulnerability in the Linux ALSA 6fire USB audio driver. The flaw occurs when the driver attempts to release resources immediately after calling usb6fire_chip_abort(), while the card object may still be in use via snd_card_free_when_closed(). This timing window creates a potential UAF condition. The vulnerability was published on 2025-08-12 and last modified on 2026-02-25. Siemens ProductCERT issued advisory SSA-355557 addressing this issue, and CISA republished the advisory as ICSA-25-226-07. The vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel component, including RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. No CVSS score or severity rating is available in the source corpus. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE or RUGGEDCOM industrial Ethernet switches, particularly those deployed in critical infrastructure environments. Security teams responsible for OT/ICS asset management and patch coordination. System integrators and operators of industrial networks using SINEC OS-based devices.
Technical summary
The vulnerability exists in the ALSA 6fire driver's resource cleanup path. When usb6fire_chip_abort() is called, the driver proceeds to release resources immediately. However, because snd_card_free_when_closed() is used for card object management, the card object may still be referenced elsewhere at the time of resource release. This race condition results in a use-after-free vulnerability. The issue affects Siemens industrial networking products that incorporate the vulnerable kernel code, including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P switches. The CISA advisory was updated on 2026-02-25 to clarify affected configurations and remove rejected CVEs from the advisory.
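The cleanup ordering described above, reduced to a user-space model (an added example with hypothetical names, not the 6fire driver's code): the vulnerable path frees the driver's resources right after dropping the card reference while a handle is still open, and the fixed path hands that cleanup to the card's private_free callback so it runs only at the final release.

```c
/* User-space model of the cleanup ordering behind CVE-2024-53239 and of the
 * deferred-release pattern that avoids it. Added example with hypothetical
 * names standing in for the driver's; it is not the 6fire driver's code. */
#include <stdbool.h>
#include <stdlib.h>
struct card {
    int refs;                             /* driver ref + open handles */
    bool released;                        /* final destructor has run */
    int *res;                             /* stand-in for driver buffers */
    void (*private_free)(struct card *);  /* runs only at final release */
};
static struct card *card_new_with_open_handle(void)
{
    struct card *c = calloc(1, sizeof *c);
    c->refs = 2;                          /* driver + one open PCM handle */
    c->res = malloc(sizeof *c->res);
    return c;
}
static void release_resources(struct card *c) { free(c->res); c->res = NULL; }
static void card_put(struct card *c)      /* drop one reference */
{
    if (--c->refs > 0) return;
    if (c->private_free) c->private_free(c);
    c->released = true;
}
/* Vulnerable ordering: drop the driver reference (free-when-closed) and tear
 * resources down at once while a handle is still open; true = UAF window. */
static bool disconnect_vulnerable(void)
{
    struct card *c = card_new_with_open_handle();
    card_put(c);                          /* snd_card_free_when_closed() */
    release_resources(c);                 /* too early: card still in use */
    bool uaf_window = !c->released && c->res == NULL;
    card_put(c); free(c);                 /* user finally closes */
    return uaf_window;
}
/* Fixed ordering: hand cleanup to private_free so it runs with the final
 * release; true = resources stay valid until exactly that point. */
static bool disconnect_fixed(void)
{
    struct card *c = card_new_with_open_handle();
    c->private_free = release_resources;
    card_put(c);                          /* snd_card_free_when_closed() */
    bool still_valid = !c->released && c->res != NULL;
    card_put(c);                          /* last close runs private_free */
    bool freed_at_end = c->released && c->res == NULL;
    free(c);
    return still_valid && freed_at_end;
}
```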
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product impact and patch availability
- Apply vendor-provided firmware updates for affected SCALANCE and RUGGEDCOM products when available
- Monitor CISA ICS advisory ICSA-25-226-07 for updates on affected product configurations
- Implement network segmentation for industrial control systems per CISA recommended practices
- Assess exposure of affected devices to determine prioritization for patching efforts
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The threat category in the source is marked as 'Misinformed' for affected product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The source corpus does not contain CVSS scoring information or evidence of active exploitation.
Official resources
- CVE-2024-53239 CVE record (CVE.org)
- CVE-2024-53239 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12