PatchSiren cyber security CVE debrief
CVE-2024-56610 Siemens CVE debrief
CVE-2024-56610 is a medium-severity vulnerability (CVSS 5.5) affecting the Kernel Concurrency Sanitizer (KCSAN) in Linux kernels configured with PREEMPT_RT real-time preemption. The issue stems from the `report_filterlist_lock` being implemented as a standard spinlock rather than a raw_spinlock, which can trigger invalid context warnings and potential system instability when sleeping functions are called from atomic contexts. Siemens has identified this vulnerability as affecting multiple industrial networking product families running SINEC OS, including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH series devices. The vulnerability was published on August 12, 2025, with subsequent advisory updates through February 25, 2026, including corrections to affected product lists and removal of rejected CVEs.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH series industrial Ethernet switches in critical infrastructure, manufacturing, or process control environments. System administrators managing SINEC OS deployments and security teams responsible for OT/ICS vulnerability management should prioritize assessment and patching.
Technical summary
The vulnerability exists in the Kernel Concurrency Sanitizer (KCSAN) subsystem, where `report_filterlist_lock` is a standard spinlock instead of a raw_spinlock. Under PREEMPT_RT (real-time preemption) a standard spinlock becomes a sleeping lock, so taking it from an atomic context produces a "sleeping function called from invalid context" kernel warning (splat) and can destabilize the system. The warning is raised from kernel/locking/spinlock_rt.c:48. Siemens industrial networking products running SINEC OS are affected where the kernel is built with this configuration. The attack vector is local, requires low privileges, and has high availability impact; no confidentiality or integrity impact is indicated.
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices per Siemens guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
- Verify KCSAN and PREEMPT_RT kernel configurations in deployed systems to assess exposure
- Monitor Siemens ProductCERT and CISA ICS advisories for additional updates to affected product scope
- Implement network segmentation for industrial control systems per CISA recommended practices
- Apply defense-in-depth strategies for ICS environments as outlined in CISA guidance
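The third action above, checking whether a deployed kernel actually combines KCSAN with PREEMPT_RT, is the one a team can script. The following is an added example, not a tool from Siemens, CISA or the kernel project: it inspects a kernel `.config` for the two options the CVE description names and reports the combination. The config file locations (`/boot/config-$(uname -r)`, `/proc/config.gz`) are the usual ones on general-purpose Linux and are an assumption here; the sample config it checks when run stand-alone is constructed, not taken from any device.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a kernel .config by whether
# it enables KCSAN together with PREEMPT_RT, the combination CVE-2024-56610
# describes. KCSAN is a debugging instrument, so an "exposed" result on a
# production image is itself worth raising with the vendor.

# kcsan_rt_exposure FILE
#   prints one of: exposed | kcsan-only | rt-only | not-exposed
#   returns 0 only when both options are set to y
kcsan_rt_exposure() {
    cfg="$1"
    kcsan=no
    rt=no
    # Lines are matched whole so "# CONFIG_KCSAN is not set" does not count.
    if grep -q '^CONFIG_KCSAN=y$' "$cfg"; then kcsan=yes; fi
    if grep -q '^CONFIG_PREEMPT_RT=y$' "$cfg"; then rt=yes; fi

    if [ "$kcsan" = yes ] && [ "$rt" = yes ]; then
        echo exposed
        return 0
    elif [ "$kcsan" = yes ]; then
        echo kcsan-only
    elif [ "$rt" = yes ]; then
        echo rt-only
    else
        echo not-exposed
    fi
    return 1
}

# running_config: print the running kernel's config if it is available at one
# of the assumed locations; returns 1 when neither exists.
running_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    else
        return 1
    fi
}

# Stand-alone demo on a constructed sample config (not from a real device).
sample=$(mktemp)
printf 'CONFIG_PREEMPT_RT=y\nCONFIG_KCSAN=y\nCONFIG_KCSAN_REPORT_ONCE_IN_MS=3000\n' > "$sample"
printf 'constructed sample: '
kcsan_rt_exposure "$sample" || true
rm -f "$sample"

# To check the host this runs on instead (only meaningful on a Linux system
# whose config is exposed at an assumed path):
#   running_config > /tmp/running.config && kcsan_rt_exposure /tmp/running.config
```

A result other than `exposed` means the kernel cannot hit this particular warning regardless of patch level; `exposed` on a device that cannot be inspected this way (embedded SINEC OS images, for instance) is exactly the case where the vendor firmware update in the first action is the remediation.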
Evidence notes
The vulnerability description indicates this is a kernel-level concurrency issue specific to KCSAN-enabled PREEMPT_RT configurations. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector with low attack complexity, low privileges required, and high availability impact. Siemens remediation guidance specifies firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE devices.
Official resources
- CVE-2024-56610 CVE record (CVE.org)
- CVE-2024-56610 NVD detail (NVD)
- Source item URL (cisa_csaf)
This vulnerability was disclosed through coordinated disclosure via CISA and Siemens ProductCERT. The advisory has undergone multiple revisions to refine affected product scope.