PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-56587 Siemens CVE debrief

A race condition in the Linux kernel LED class subsystem allows a NULL pointer dereference through concurrent access to led_cdev attributes. The vulnerability is triggered when Process A adds an HID device (which in turn adds a led_cdev) while Process B simultaneously accesses a led_cdev attribute, resulting in a NULL pointer dereference in brightness_show(). The attack vector is local and requires low privileges and no user interaction; the result is a high availability impact (system crash).

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Operators of Siemens industrial networking infrastructure, including RUGGEDCOM RST2428P serial servers and SCALANCE managed switches running SINEC OS, and security teams managing OT environments with local user access or compromised low-privilege accounts.

Technical summary

The vulnerability resides in drivers/leds/led-class.c, where brightness_show() is not synchronized through the led_cdev->led_access mutex during concurrent HID device registration and attribute access. The race window between led_cdev structure initialization and sysfs attribute exposure permits a NULL dereference when Process B reads brightness before Process A completes device setup.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates: RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 families should update to V3.2 or later
  • For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT SSA-355557 for specific configuration guidance and update paths
  • Implement physical access controls to prevent local exploitation
  • Follow CISA ICS recommended practices for defense-in-depth strategies
  • Monitor for anomalous HID device attachment patterns on affected systems
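
One way to support the monitoring recommendation above, as an added example that is not part of the advisory or any vendor tooling: it scans kernel log text for a NULL pointer dereference whose trace names brightness_show() and lists the HID attach messages seen shortly before it. It assumes kernel messages from the device are available as text with dmesg-style timestamps; the sample log, the 5-second window and the function name `triage` are constructed for illustration.

```python
import re

# Constructed sample kernel log (not from a real device); timestamps are seconds since boot.
SAMPLE_LOG = """\
[  310.204511] hid-generic 0003:1234:ABCD.0003: input,hidraw0: USB HID v1.10 Keyboard [Example Keyboard] on usb-1/input0
[ 1042.118733] hid-generic 0003:1234:ABCD.0004: input,hidraw1: USB HID v1.10 Keyboard [Example Keyboard] on usb-1/input0
[ 1042.131902] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 1042.131960] pc : brightness_show+0x1c/0x60
[ 1042.131988] Call trace:
[ 1042.132015]  brightness_show+0x1c/0x60
[ 1042.132040]  dev_attr_show+0x28/0x70
[ 2300.500000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[ 2300.500050] pc : example_driver_poll+0x8/0x40
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s(.*)$")        # dmesg-style "[ seconds] message"
HID_ATTACH = re.compile(r"\bhidraw\d+\b|\bUSB HID v\d")  # HID core attach message
OOPS_START = re.compile(r"NULL pointer dereference")      # matches x86 and arm64 wording
SYMBOL = re.compile(r"\bbrightness_show\+0x")            # function named by the advisory

def triage(log_text, window=5.0, oops_span=2.0):
    """Return one finding per NULL-deref oops whose trace names brightness_show,
    with the HID attach events logged in the `window` seconds before it."""
    events = [(float(m.group(1)), m.group(2))
              for m in map(LINE.match, log_text.splitlines()) if m]
    findings = []
    for i, (ts, msg) in enumerate(events):
        if not OOPS_START.search(msg):
            continue
        body = []  # lines of this oops: until the next oops or oops_span seconds
        for t, m in events[i + 1:]:
            if t - ts > oops_span or OOPS_START.search(m):
                break
            body.append(m)
        if not any(SYMBOL.search(m) for m in body):
            continue  # unrelated crash, not the LED class path
        attaches = [(t, m) for t, m in events[:i]
                    if ts - t <= window and HID_ATTACH.search(m)]
        findings.append({"oops_at": ts, "hid_attaches": attaches})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"oops at {f['oops_at']}s, HID attaches before it: {len(f['hid_attaches'])}")
```

A finding with at least one HID attach in the window matches the sequence the advisory describes; a finding with none is still a crash in the same code path and worth reviewing.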

Evidence notes

CISA ICS advisory ICSA-25-226-07, published 2025-08-12, identifies this CVE as affecting Siemens industrial networking products running SINEC OS. The advisory was republished 2026-02-25 based on Siemens ProductCERT SSA-355557. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms a local attack vector with availability impact only.
