CVE-2024-56548 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family products in industrial environments; security teams managing Linux-based industrial control systems utilizing hfsplus filesystems on loop devices; OT security practitioners responsible for patch management in critical infrastructure sectors.

Technical summary

The hfsplus filesystem driver in the Linux kernel contains a vulnerability where block size changes on loop devices (via LOOP_SET_BLOCK_SIZE ioctl) can cause memory allocation and I/O size mismatches. When hfsplus_read_wrapper calls hfsplus_submit_bio, the function may read a different io_size than what was used for allocation, resulting in potential out-of-bounds writes. This is a local vulnerability requiring low privileges with no user interaction, affecting availability. Siemens industrial networking products incorporating vulnerable kernel versions are affected, with vendor fixes available as of the 2026-02-25 advisory update.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided updates to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family products per Siemens guidance
• Review Siemens ProductCERT SSA-355557 for specific configuration guidance on SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family products
• Implement defense-in-depth strategies for industrial control systems as recommended by CISA
• Monitor for anomalous local filesystem activity on systems utilizing hfsplus-formatted loop devices
• Restrict local access to systems running affected Siemens networking products to authorized personnel only

Evidence notes

CVE description and CVSS vector from official CVE record; affected products and remediation details from CISA CSAF advisory ICSA-25-226-07, which republishes Siemens ProductCERT SSA-355557 advisory dated 2026-02-25.

Official resources