PatchSiren cyber security CVE debrief
CVE-2024-56633 Siemens CVE debrief
A memory accounting flaw in the Linux kernel's tcp_bpf subsystem affects Siemens industrial network devices running SINEC OS. The vulnerability in __SK_REDIRECT pre-uncharges socket memory bytes (either msg->sg.size or apply_bytes), which can lead to incorrect memory accounting and potential denial of service conditions. This is a local attack vector requiring low privileges with no user interaction.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial network infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH families in critical infrastructure, manufacturing, and utility environments. Security teams responsible for OT/ICS asset management and patch deployment should prioritize assessment based on device exposure to local untrusted users.
Technical summary
The vulnerability exists in the tcp_bpf (TCP Berkeley Packet Filter) subsystem's socket memory accounting logic. Specifically, the __SK_REDIRECT path pre-uncharges memory for bytes to be sent (tosend), using either msg->sg.size or a smaller apply_bytes value. This incorrect accounting can lead to socket memory state inconsistencies. The flaw is exploitable locally with low privileges and can result in high availability impact (denial of service) on affected systems. The CVSS v3.1 score of 5.5 reflects this local attack vector with significant availability impact but no confidentiality or integrity compromise.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices per Siemens guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update availability
- Implement network segmentation for industrial control systems to limit local attack surface
- Apply principle of least privilege for user accounts on affected devices
- Monitor for anomalous system behavior or unexpected resource exhaustion on affected Siemens network infrastructure
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Advisory modified 2026-02-25 with republication based on Siemens ProductCERT SSA-355557. CVSS 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack, low attack complexity, low privileges required, no user interaction, no confidentiality or integrity impact, but high availability impact.
Official resources
-
CVE-2024-56633 CVE record
CVE.org
-
CVE-2024-56633 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12