CVE-2024-56562 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial Ethernet switches in critical infrastructure environments, including utilities, transportation, and manufacturing sectors.

Technical summary

The vulnerability exists in the Linux kernel's I3C (Improved Inter-Integrated Circuit) master driver. The function i3c_master_put_i3c_addrs() contains a memory leak where init_dyn_addr is not properly freed, leading to resource exhaustion over time. This affects Siemens industrial networking products that incorporate the vulnerable kernel code. The CVSS 3.1 base score of 4.4 (Medium) reflects local attack requirements with low privileges, no user interaction needed, and impacts to integrity and availability but not confidentiality.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided firmware updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to firmware version V3.2 or later
• For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update instructions
• Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
• Restrict local access to affected devices to authorized personnel only
• Monitor for anomalous system behavior that may indicate resource exhaustion
• Review and apply Siemens security advisories regularly for affected product lines

Evidence notes

The vulnerability was disclosed in CISA advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The issue stems from a missing memory free operation in the I3C master driver within the Linux kernel. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) indicates local attack vector with low attack complexity and low privileges required, resulting in medium severity.

Official resources