PatchSiren cyber security CVE debrief
CVE-2024-56574 Siemens CVE debrief
A null pointer dereference vulnerability exists in the Linux kernel's ts2020 media driver, specifically within the ts2020_probe() function. This flaw can lead to a denial-of-service condition when exploited by a local attacker with low privileges. The vulnerability affects Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and multiple SCALANCE switch families. Siemens has released firmware updates to address this issue.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH series switches in critical infrastructure environments. Security teams responsible for OT/ICS asset management and vulnerability remediation should prioritize firmware updates for affected devices.
Technical summary
CVE-2024-56574 is a null pointer dereference vulnerability in the ts2020_probe() function of the Linux kernel's ts2020 media driver. The flaw occurs when the driver fails to properly validate pointer references during device probe operations, leading to a kernel crash and system denial-of-service. The vulnerability requires local access with low privileges to exploit, and has no impact on confidentiality or integrity. Affected Siemens products incorporate this vulnerable kernel component through their SINEC OS operating system. The vulnerability was disclosed on August 12, 2025, with subsequent advisory updates through February 25, 2026, clarifying affected product configurations and removing rejected CVE entries.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates: Update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to version 3.2 or later. For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, consult theS
- Implement defense-in-depth strategies for industrial control systems as recommended by CISA, including network segmentation and restricted physical access to devices.
- Monitor for anomalous local access attempts to affected Siemens devices, particularly those involving media driver interactions.
- Review and apply Siemens ProductCERT security advisory SSA-355557 guidance for comprehensive remediation steps.
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Advisory modified 2026-02-25 with republication based on Siemens ProductCERT SSA-355557. CVSS 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector requiring low privileges, resulting in high availability impact only.
Official resources
-
CVE-2024-56574 CVE record
CVE.org
-
CVE-2024-56574 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12