PatchSiren cyber security CVE debrief
CVE-2024-56648 Siemens CVE debrief
CVE-2024-56648 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's High-availability Seamless Redundancy (HSR) networking subsystem. The flaw exists in the `fill_frame_info()` function, where insufficient packet length validation could lead to out-of-bounds memory access when processing packets as small as 14 bytes. This may result in use of uninitialized values, causing undefined behavior or denial of service conditions. The vulnerability was published on August 12, 2025, with the advisory last modified on February 25, 2026. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P switches and multiple SCALANCE product families that incorporate the vulnerable HSR implementation.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial Ethernet switches with HSR protocol support, particularly in critical infrastructure sectors including energy, transportation, and manufacturing. System administrators responsible for maintaining redundant industrial network architectures should prioritize assessment and patching.
Technical summary
The vulnerability resides in the Linux kernel's net/hsr/hsr_framereg.c implementation of the High-availability Seamless Redundancy (HSR) protocol. The `fill_frame_info()` function fails to properly validate minimum packet length before accessing frame data structures. When processing Ethernet frames of exactly 14 bytes (minimum Ethernet header without payload), the function may read beyond allocated buffer boundaries, accessing uninitialized kernel memory. This condition can trigger undefined behavior including kernel panics or memory corruption. The HSR protocol is used in industrial automation for redundant ring topologies requiring sub-millisecond failover. The CVSS 3.1 vector indicates local attack requirements, suggesting exploitation would require authenticated network access or local system privileges to inject crafted HSR frames.
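The kind of length check described above, shown as an added userspace C example; it is not code from the Linux kernel, Siemens, or the advisory. The names `be16_at` and `inner_ethertype`, the tag-walking order, and the sample frames are assumptions constructed for illustration; the header sizes and the EtherTypes 0x8100 (802.1Q VLAN) and 0x892F (HSR) are the standard values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_OFF   12      /* outer EtherType follows the two MACs */
#define VLAN_TAG_LEN     4      /* 802.1Q: TCI + encapsulated EtherType */
#define HSR_TAG_LEN      6      /* HSR: path/LSDU size, sequence nr, encap proto */
#define ETHERTYPE_VLAN  0x8100
#define ETHERTYPE_HSR   0x892F
#define FRAME_TOO_SHORT (-1)

/* Constructed sample frames (MAC addresses zeroed), not captured traffic. */
static const uint8_t runt_vlan[14] = { [12] = 0x81, [13] = 0x00 };
static const uint8_t runt_hsr[14]  = { [12] = 0x89, [13] = 0x2F };
static const uint8_t full_hsr[20]  = { [12] = 0x89, [13] = 0x2F, [18] = 0x08 };

/* Big-endian 16-bit field at off, or -1 if it is not fully inside the buffer. */
static int be16_at(const uint8_t *b, size_t len, size_t off)
{
    if (len < 2 || off > len - 2)
        return FRAME_TOO_SHORT;
    return (b[off] << 8) | b[off + 1];
}

/* Hypothetical parser: walks an optional VLAN tag and an optional HSR tag,
 * returning the innermost EtherType or FRAME_TOO_SHORT. No read is unchecked. */
int inner_ethertype(const uint8_t *buf, size_t len)
{
    size_t off = ETHERTYPE_OFF;
    int proto = be16_at(buf, len, off);
    if (proto == ETHERTYPE_VLAN) {      /* VLAN header needs 18 bytes, not 14 */
        off += VLAN_TAG_LEN;
        proto = be16_at(buf, len, off);
    }
    if (proto == ETHERTYPE_HSR) {       /* HSR tag needs 6 more bytes */
        off += HSR_TAG_LEN;
        proto = be16_at(buf, len, off);
    }
    return proto;
}

int main(void)
{
    printf("runt_vlan: %d\n", inner_ethertype(runt_vlan, sizeof runt_vlan));
    printf("runt_hsr:  %d\n", inner_ethertype(runt_hsr, sizeof runt_hsr));
    printf("full_hsr:  0x%04x\n", inner_ethertype(full_hsr, sizeof full_hsr));
    return 0;
}
```

A 14-byte frame that announces a VLAN or HSR tag is rejected before any tag field is read, which is the condition the description says `fill_frame_info()` did not enforce.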
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for RUGGEDCOM RST2428P (6GK6242-6PA00) and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update paths
- Implement network segmentation to limit exposure of HSR-enabled devices to untrusted network segments
- Monitor for anomalous network traffic targeting HSR protocol implementations
- Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
Evidence notes
The vulnerability description and affected product information are derived from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector with low attack complexity, requiring low privileges and resulting in high availability impact.
Official resources
- CVE-2024-56648 CVE record (CVE.org)
- CVE-2024-56648 NVD detail (NVD)
- Source item URL (cisa_csaf)