PatchSiren cyber security CVE debrief
CVE-2024-56670 Siemens CVE debrief
A race condition in the Linux kernel USB gadget serial driver (u_serial) can cause a null pointer dereference crash when concurrent open and disconnect operations occur. The vulnerability exists in the gs_start_io function where the port->port_usb pointer may be set to NULL by a disconnecting thread while another thread attempts to use it. This affects Siemens industrial networking products running SINEC OS that incorporate the vulnerable kernel component. The issue requires local access with low privileges and no user interaction, resulting in high availability impact through denial of service. Siemens has released firmware updates to address this vulnerability in affected RUGGEDCOM and SCALANCE product families.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Industrial control system operators, OT security teams, and network administrators managing Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 devices in critical infrastructure environments. Organizations with USB gadget functionality enabled on these devices for serial-over-USB applications should prioritize patching.
Technical summary
The vulnerability resides in the gs_start_io function of drivers/usb/gadget/function/u_serial.c in the Linux kernel. The race occurs when Thread A executes gs_open (open operation) while Thread B executes gserial_disconnect (disconnect operation): the disconnecting thread sets port->port_usb to NULL, and the opening thread then dereferences the pointer in gs_start_io. The crash results in denial of service through kernel panic or module failure. The attack requires local access with low privileges and no user interaction. The CVSS 3.1 score is 5.5 (Medium); the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates an impact on availability only. Affected Siemens products incorporate this kernel component in their SINEC OS firmware for industrial Ethernet switches and routers.
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT SSA-355557 for specific configuration guidance
- Implement physical access controls to limit local access to affected industrial control systems
- Monitor for unexpected device crashes or USB gadget subsystem failures as potential indicators of exploitation attempts
- Follow CISA ICS recommended practices for defense in depth strategies for industrial control systems
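One way to act on the crash-monitoring item above, as an added example that is not part of the advisory or of any Siemens tooling: a Python triage pass over collected kernel logs that flags NULL-dereference oopses whose trace names the u_serial functions from this CVE. The log lines are constructed, and the sketch assumes kernel oops text from the device is available to you (for example through forwarded syslog or a console capture).

```python
import re

# Oops headers the kernel prints for a NULL dereference (x86 and arm64 wording).
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference"
                        r"|Unable to handle kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
# Symbolised frame or pc/RIP line, e.g. "gs_start_io+0x164/0x25c".
FRAME = re.compile(r"\b([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Functions named in the CVE-2024-56670 description.
U_SERIAL_FUNCS = {"gs_start_io", "gs_open", "gserial_disconnect"}

# Constructed sample input: not captured from a real device.
SAMPLE_LOG = """\
[  812.104511] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
[  812.104530] pc : gs_start_io+0x164/0x25c
[  812.104541] Call trace:
[  812.104548]  gs_start_io+0x164/0x25c
[  812.104555]  gs_open+0x108/0x13c
[  812.104562]  tty_open+0x104/0x4f0
[  812.104570] ---[ end trace 0000000000000000 ]---
[ 1990.300001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
[ 1990.300015] pc : example_driver_poll+0x3c/0x90
""".splitlines()


def find_u_serial_oopses(lines):
    """Return one record per NULL-dereference oops whose frames name u_serial code."""
    hits, current = [], None

    def flush(oops):
        matched = U_SERIAL_FUNCS & set(oops["frames"]) if oops else set()
        if matched:
            hits.append({"line": oops["line"], "matched": sorted(matched)})

    for lineno, line in enumerate(lines, 1):
        if OOPS_START.search(line):
            flush(current)  # previous oops was cut off before its end marker
            current = {"line": lineno, "frames": []}
        elif current is not None:
            current["frames"] += FRAME.findall(line)
            if OOPS_END.search(line):
                flush(current)
                current = None
    flush(current)  # a crash often truncates the log, so keep the partial oops
    return hits


if __name__ == "__main__":
    for hit in find_u_serial_oopses(SAMPLE_LOG):
        print(f"line {hit['line']}: NULL deref oops in {', '.join(hit['matched'])}")
```

A hit is a reason to check the device's firmware version against the fixed release, not proof of deliberate exploitation; the same oops can come from an ordinary unplug during an open.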
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Modified 2026-02-25 with republication based on Siemens ProductCERT SSA-355557. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack vector with availability impact only. Affected products confirmed through CSAF product tree: RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family.
Official resources
- CVE-2024-56670 CVE record (CVE.org)
- CVE-2024-56670 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12