PatchSiren cyber security CVE debrief
CVE-2024-53680 Siemens CVE debrief
A medium-severity vulnerability in the Linux kernel's IP Virtual Server (IPVS) subsystem affects Siemens industrial networking products. The flaw involves uninitialized stack memory access in ip_vs_protocol_init(), which can lead to undefined behavior and potential denial of service. The vulnerability requires local access with low privileges and has been addressed through vendor firmware updates.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family devices. System administrators responsible for industrial control system security, OT security teams, and infrastructure operators in critical manufacturing, energy, and transportation sectors should prioritize assessment and patching.
Technical summary
CVE-2024-53680 is a vulnerability in the Linux kernel's IP Virtual Server (IPVS) subsystem, specifically in the ip_vs_protocol_init() function. The flaw stems from uninitialized stack memory access that can cause undefined behavior. The vulnerability is classified as CWE-20 (Improper Input Validation) and has a CVSS 3.1 score of 5.5 (MEDIUM). The attack requires local access with low privileges and results in high availability impact (denial of service) with no confidentiality or integrity impact. The fix involves zeroing the on-stack buffer to prevent out-of-bounds accesses. Siemens has addressed this vulnerability in affected industrial networking products through firmware updates.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to affected Siemens industrial networking equipment. For RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, update to firmware version V3.2 or later. For SCALANC
- Review and implement CISA's ICS recommended practices for defense-in-depth strategies in industrial control system environments.
- Monitor for additional vendor guidance from Siemens ProductCERT regarding affected SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configurations.
- Assess network segmentation to limit local access to affected devices, as the vulnerability requires local attack vector.
Evidence notes
The vulnerability was disclosed in CISA advisory ICSA-25-226-07, which was initially published on 2025-08-12 and subsequently updated on 2026-02-25 to reflect corrections to affected products and republication based on Siemens ProductCERT advisory SSA-355557. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector with low attack complexity and low privileges required, resulting in high availability impact.
Official resources
-
CVE-2024-53680 CVE record
CVE.org
-
CVE-2024-53680 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public