PatchSiren cyber security CVE debrief
CVE-2024-56572 Siemens CVE debrief
CVE-2024-56572 is a memory leak vulnerability in the Allegro DVT media platform driver, specifically within the `allocate_buffers_internal()` function. The issue occurs when a buffer allocated within a loop is not properly released under exception paths, leading to resource exhaustion over time. This vulnerability affects Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE switch families. The CVSS 3.1 score of 5.5 (MEDIUM) reflects local attack vector requirements and high availability impact, with no confidentiality or integrity impact. The vulnerability was published on August 12, 2025, with subsequent modifications through February 25, 2026, including corrections to affected product lists and advisory republication based on Siemens ProductCERT updates.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial networking equipment in critical infrastructure environments, including utilities, manufacturing, and transportation sectors.
Technical summary
The vulnerability exists in the `allocate_buffers_internal()` function of the Allegro DVT media platform driver. When buffer allocation occurs within a loop and an exception path is triggered, the buffer may not be released, causing a memory leak. This can lead to resource exhaustion and denial of service conditions over time. The attack requires local access with low privileges and no user interaction. The vulnerability is classified under CWE-401 (Missing Release of Memory after Effective Lifetime).
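The following is a constructed C illustration of the CWE-401 pattern the summary describes (a buffer allocated inside a loop that is dropped on the error path), added here for explanation; it is not the allegro-dvt driver's code, and the `struct buf`, `fail_at` hook and helper names are assumptions. The same function shows the leaky path and, with `fixed` set, the release that closes the leak.

```c
#include <stdlib.h>

/* Constructed illustration of the CWE-401 pattern described above: a
 * per-iteration descriptor is lost when its backing allocation fails.
 * Not the allegro-dvt driver's code; names and the fail_at hook are made up. */
struct buf { void *mem; size_t size; };
static int fail_at = -1;          /* iteration whose backing alloc fails */
static int live_descriptors = 0;  /* descriptors allocated and not freed */

static void *alloc_backing(size_t size, int idx) {
    return (idx == fail_at) ? NULL : malloc(size);
}
static struct buf *new_desc(void) {
    struct buf *b = calloc(1, sizeof *b);
    if (b) live_descriptors++;
    return b;
}
static void free_desc(struct buf *b) {
    if (b) { free(b->mem); free(b); live_descriptors--; }
}

/* Allocates n descriptors with backing memory. With fixed == 0 it shows
 * the bug: on backing failure the current descriptor is never stored in
 * out[], so the unwind loop at err: cannot reach it and it leaks. */
int allocate_buffers(struct buf **out, int n, size_t size, int fixed) {
    int i;
    for (i = 0; i < n; i++) {
        struct buf *b = new_desc();
        if (!b) goto err;
        b->mem = alloc_backing(size, i);
        if (!b->mem) {
            if (fixed) free_desc(b);  /* the fix: release b before unwinding */
            goto err;                 /* leaky path: b is abandoned here */
        }
        b->size = size; out[i] = b;
    }
    return 0;
err:
    while (i-- > 0) { free_desc(out[i]); out[i] = NULL; }  /* unwind earlier iterations */
    return -1;
}

/* Drives the allocator (n <= 8) with a forced failure at fail_idx (-1 = none),
 * frees anything that succeeded, and returns how many descriptors leaked. */
int leaked_after(int n, int fail_idx, int fixed) {
    struct buf *bufs[8] = {0};
    fail_at = fail_idx; live_descriptors = 0;
    if (allocate_buffers(bufs, n, 64, fixed) == 0)
        for (int i = 0; i < n; i++) free_desc(bufs[i]);
    return live_descriptors;
}
```

Each failed call on the leaky path leaves one descriptor unreachable, which is why repeated allocation failures accumulate into the resource exhaustion the advisory describes.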
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and patch availability
- Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
- Monitor system resource utilization for signs of memory exhaustion that may indicate exploitation attempts
- Restrict local access to affected devices to authorized personnel only, as the vulnerability requires a local attack vector
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. Affected products confirmed through CSAF product tree with high confidence. CVSS vector and remediation details extracted from official advisory sources.
Official resources
- CVE-2024-56572 CVE record (CVE.org)
- CVE-2024-56572 NVD detail (NVD)
- Source item URL (cisa_csaf)