CVE-2024-56698 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 industrial networking equipment in operational technology (OT) environments. System integrators and asset owners in critical infrastructure sectors including energy, manufacturing, and transportation.

Technical summary

The vulnerability exists in the DesignWare USB3 (DWC3) gadget driver within the Linux kernel. The dwc3_request structure tracks queued scatter-gather entries via num_queued_sgs, which is decremented upon request completion. When a request is partially completed, this counter no longer accurately reflects the total number of queued SG entries, potentially causing incorrect loop iterations or state management in subsequent operations. This is classified as CWE-20 (Improper Input Validation). The CVSS 3.1 vector indicates local attack vector, low attack complexity, low privileges required, no user interaction, with high availability impact (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided firmware updates: update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family to V3.2 or later per Siemens guidance
• For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance
• Implement network segmentation for industrial control systems to limit exposure of affected devices
• Follow CISA ICS recommended practices for defense-in-depth strategies
• Monitor Siemens ProductCERT and CISA ICS advisories for additional updates

Evidence notes

CVE published 2025-08-12; CISA advisory ICSA-25-226-07 published same date; advisory modified 2026-02-25 with republication based on Siemens ProductCERT SSA-355557. CVSS 5.5 (MEDIUM) per source. Not in CISA KEV.

Official resources