PatchSiren cyber security CVE debrief
CVE-2024-56630 Siemens CVE debrief
CVE-2024-56630 describes a resource leak in the OCFS2 (Oracle Cluster File System 2) Linux kernel module where iput() is not called when new_inode() succeeds but dquot_initialize() fails. This vulnerability affects Siemens industrial networking products that incorporate vulnerable Linux kernel versions, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The flaw could lead to inode reference count leaks, potentially causing resource exhaustion over time. CISA published this advisory on August 12, 2025, with subsequent updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. Siemens has issued ProductCERT advisory SSA-355557 with remediation guidance. No CVSS score is currently assigned, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Industrial control system operators, OT security teams, and network administrators managing Siemens RUGGEDCOM or SCALANCE infrastructure should prioritize this advisory. Organizations in critical infrastructure sectors (energy, manufacturing, transportation) deploying these switches for industrial Ethernet connectivity should verify their exposure and monitor for vendor patches.
Technical summary
The vulnerability exists in the OCFS2 filesystem implementation within the Linux kernel. When new_inode() successfully allocates an inode but dquot_initialize() subsequently fails, the code path omits a required iput() call to decrement the inode reference count. This results in a reference count leak that could accumulate over time, potentially leading to resource exhaustion. The flaw affects Siemens industrial networking products built on vulnerable Linux kernel versions, including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. CISA's advisory underwent multiple revisions between August 2025 and February 2026 to correct product impact assessments and remove rejected CVEs from the advisory scope.
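To make the error-path pattern concrete, the following is an added, deliberately simplified model written for this debrief; it is not the kernel's OCFS2 code and not Siemens firmware. The model_new_inode(), model_iput() and model_dquot_initialize() helpers are constructed stand-ins for the kernel functions named above: new_inode() returns an inode holding one reference, and the vulnerable path returns an error without dropping it, while the fixed path calls iput() before returning. leaked_after() forces the quota-initialization failure and counts how many inodes stay live, which is the resource-exhaustion behaviour the advisory describes.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a reference-counted inode (not the kernel struct). */
struct inode {
    int refcount;
};

static int live_inodes;   /* inodes currently allocated in the model */
static int fail_dquot;    /* test knob: make model_dquot_initialize() fail */

/* Stand-in for new_inode(): the caller receives one reference. */
static struct inode *model_new_inode(void)
{
    struct inode *in = calloc(1, sizeof *in);
    if (!in)
        return NULL;
    in->refcount = 1;
    live_inodes++;
    return in;
}

/* Stand-in for iput(): drop one reference, free on the last one. */
static void model_iput(struct inode *in)
{
    if (!in)
        return;
    if (--in->refcount == 0) {
        live_inodes--;
        free(in);
    }
}

/* Stand-in for dquot_initialize(): fails when the knob is set. */
static int model_dquot_initialize(struct inode *in)
{
    (void)in;
    return fail_dquot ? -1 : 0;
}

/* Vulnerable shape: quota init fails and the reference from new_inode()
 * is never dropped, so the inode stays live forever. */
static int create_inode_leaky(void)
{
    struct inode *in = model_new_inode();
    if (!in)
        return -1;
    if (model_dquot_initialize(in) != 0)
        return -1;          /* BUG: missing model_iput(in) */
    model_iput(in);         /* normal completion: release our reference */
    return 0;
}

/* Fixed shape: the failure path releases the reference before returning. */
static int create_inode_fixed(void)
{
    struct inode *in = model_new_inode();
    if (!in)
        return -1;
    if (model_dquot_initialize(in) != 0) {
        model_iput(in);     /* drop the new_inode() reference on error */
        return -1;
    }
    model_iput(in);
    return 0;
}

/* Run n create attempts (optionally forcing the quota failure) and return
 * how many inodes remain live afterwards; anything above 0 is a leak. */
int leaked_after(int (*create)(void), int n, int force_failure)
{
    live_inodes = 0;
    fail_dquot = force_failure;
    for (int i = 0; i < n; i++)
        create();
    fail_dquot = 0;
    return live_inodes;
}

int main(void)
{
    printf("leaky path, 1000 failed creates: %d inodes still live\n",
           leaked_after(create_inode_leaky, 1000, 1));
    printf("fixed path, 1000 failed creates: %d inodes still live\n",
           leaked_after(create_inode_fixed, 1000, 1));
    return 0;
}
```

The leaky variant accumulates exactly one live inode per failed attempt, which is why a repeatable failure in dquot_initialize() turns a single missing iput() into gradual resource exhaustion on an affected device; the fixed variant returns the same error code but leaves nothing behind.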
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for affected product configurations and patch availability
- Verify SINEC OS and kernel versions on RUGGEDCOM RST2428P and SCALANCE X-family devices
- Apply vendor-provided firmware updates when available per Siemens security advisory
- Monitor CISA ICS advisories for additional updates to affected product listings
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-07. Affected product identification derived from CSAF product tree with high confidence. Timeline based on CISA advisory revision history showing initial publication 2025-08-12 and latest update 2026-02-25. Vendor attribution confirmed through CSAF vendor field.
Official resources
- CVE-2024-56630 CVE record (CVE.org)
- CVE-2024-56630 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12