PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-56619 Siemens CVE debrief

This CVE describes a vulnerability in the Linux kernel's nilfs2 filesystem in which a corrupted directory inode i_size value can lead to out-of-bounds memory access or a use-after-free while searching directory records. The CVE was published on 2025-08-12 and last modified on 2026-02-25. Siemens has identified it as affecting the RUGGEDCOM RST2428P and SCALANCE product families running SINEC OS, although the source advisory marks the impact assessment for those products as 'Misinformed'. The flaw originates in the kernel's nilfs2 implementation rather than in Siemens proprietary code. No CVSS score or severity rating is available in the source data. CISA advisory ICSA-25-226-07 was republished on 2026-02-25 based on Siemens ProductCERT advisory SSA-355557, correcting the affected-products list given in previous revisions.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices running SINEC OS should monitor for Siemens security updates. ICS/OT security teams should assess whether nilfs2 filesystems are present or reachable on deployed devices.

Technical summary

The nilfs2 filesystem in the Linux kernel contains a vulnerability that is triggered when a directory inode's i_size value has been corrupted to an overly large value. During directory record search operations this can cause memory accesses outside the folio/page range, or use-after-free conditions, both of which are detectable under KASAN. Siemens products running SINEC OS incorporate this kernel component. Triggering the flaw requires local access to the filesystem or a pre-existing corrupted nilfs2 filesystem.

Defensive priority

Medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-355557 for current affected product status and patch availability
  • Verify that no nilfs2 filesystem is mounted or otherwise exposed on affected Siemens devices in operational deployments
  • Apply kernel updates from Siemens when available for SINEC OS-based products
  • Monitor CISA ICS advisories for updates to ICSA-25-226-07
  • Implement network segmentation for ICS/OT devices per CISA recommended practices

Evidence notes

The source CISA CSAF advisory ICSA-25-226-07 marks the impact as 'Misinformed' for the affected Siemens products. The advisory revision history shows multiple corrections to the affected-products list, with the final republication on 2026-02-25 based on Siemens SSA-355557.
