PatchSiren cyber security CVE debrief
CVE-2024-56643 Siemens CVE debrief
A memory leak vulnerability in the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation affects Siemens industrial networking products. The flaw occurs in dccp_feat_change_recv where memory allocated for a new SP feature value is not freed if dccp_feat_push_confirm() fails, potentially leading to resource exhaustion. The vulnerability requires local access with low privileges and has a medium severity CVSS 3.1 score of 5.5. Siemens has released updates to address this issue in affected RUGGEDCOM and SCALANCE product families.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial control system environments should prioritize patching. System administrators responsible for OT/ICS network infrastructure and security teams monitoring industrial networks for availability risks should assess exposure.
Technical summary
The vulnerability exists in the dccp_feat_change_recv function within the Linux kernel's DCCP protocol implementation. When processing feature negotiation, memory is allocated for a new SP (Server/Client Preference) feature value. If the subsequent dccp_feat_push_confirm() call fails, this allocated memory is not properly freed, resulting in a memory leak. Repeated exploitation could lead to resource exhaustion and denial of service conditions. The attack requires local access with low privileges, no user interaction, and affects availability only (no confidentiality or integrity impact per CVSS vector).
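The leak pattern described above, as an added userspace C model that is not the kernel's or Siemens' code. The fixed pool, `push_confirm`, `change_recv_leaky`, `change_recv_fixed` and the sample value are constructed stand-ins; the pool makes unreleased buffers countable and shows the exhaustion that follows.

```c
#include <stdio.h>
#include <string.h>

/* Constructed userspace model: names echo the page, bodies are hypothetical
 * and are not the kernel's code. A small fixed pool stands in for kernel
 * memory so buffers that are never released can be counted. */
#define POOL_SLOTS 8
#define SLOT_BYTES 16
static unsigned char pool[POOL_SLOTS * SLOT_BYTES];
static int in_use[POOL_SLOTS];

static unsigned char *pool_alloc(void) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool + i * SLOT_BYTES; }
    return NULL;                                  /* pool exhausted */
}
static void pool_free(unsigned char *p) { in_use[(p - pool) / SLOT_BYTES] = 0; }
/* Stand-in for dccp_feat_push_confirm(): takes ownership only on success. */
static int push_confirm(unsigned char *vec, int fail) { (void)vec; return fail ? -1 : 0; }

/* Shape of the flaw: the failure path returns without releasing vec. */
static int change_recv_leaky(const unsigned char *val, size_t len, int fail) {
    unsigned char *vec = len <= SLOT_BYTES ? pool_alloc() : NULL;
    if (!vec) return -2;                          /* no memory for the value */
    memcpy(vec, val, len);
    if (push_confirm(vec, fail)) return -1;       /* vec is lost here */
    return 0;
}
/* Corrected shape: on failure the caller still owns vec, so it frees it. */
static int change_recv_fixed(const unsigned char *val, size_t len, int fail) {
    unsigned char *vec = len <= SLOT_BYTES ? pool_alloc() : NULL;
    if (!vec) return -2;
    memcpy(vec, val, len);
    if (push_confirm(vec, fail)) { pool_free(vec); return -1; }
    return 0;
}
/* Reset the pool, run n failing negotiations, return slots still held. */
static int held_after_failures(int (*fn)(const unsigned char *, size_t, int), int n) {
    static const unsigned char val[] = { 2, 3 };  /* constructed feature value */
    int held = 0;
    memset(in_use, 0, sizeof in_use);
    for (int i = 0; i < n; i++) fn(val, sizeof val, 1);
    for (int i = 0; i < POOL_SLOTS; i++) held += in_use[i];
    return held;
}
int main(void) {
    printf("leaky: %d slots held\n", held_after_failures(change_recv_leaky, 20));
    printf("fixed: %d slots held\n", held_after_failures(change_recv_fixed, 20));
    return 0;
}
```

With the leaky shape, every slot stays held after the failures and a later, otherwise valid negotiation can no longer get memory; with the corrected shape the pool is empty again.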
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
- Implement network segmentation to limit exposure of affected industrial control systems
- Monitor for anomalous resource consumption patterns that may indicate exploitation attempts
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
CVE published 2025-08-12; CISA advisory ICSA-25-226-07 published same date. Siemens ProductCERT advisory SSA-355557 referenced as authoritative source. Advisory modified 2026-02-25 with republication based on updated Siemens guidance.
Official resources
- CVE-2024-56643 CVE record (CVE.org)
- CVE-2024-56643 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)