PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-56705 Siemens CVE debrief

CVE-2024-56705 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's media/atomisp driver, specifically within the ia_css_3a_statistics_allocate() function. The flaw stems from a missing null check on the allocation result for rgby_data memory. If allocation fails, a subsequent assertion in ia_css_s3a_hmem_decode() triggers, causing a denial-of-service condition through system instability or crash. The vulnerability was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified affected products in its industrial networking portfolio, including RUGGEDCOM RST2428P and SCALANCE XC/XR/XCM/XRM/XCH/XRH families running SINEC OS. The attack vector is local, requiring low privileges and no user interaction, with high availability impact but no confidentiality or integrity impact.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

System administrators managing Siemens industrial networking infrastructure, OT security teams responsible for SCALANCE and RUGGEDCOM device fleets, kernel maintainers for embedded Linux distributions in industrial applications, and organizations with critical infrastructure relying on affected Siemens products for network segmentation and industrial communications. The local attack vector suggests primary concern for environments where attackers may gain low-privilege access to affected systems, including compromised edge devices or insider threat scenarios in industrial facilities.

Technical summary

The vulnerability exists in the ia_css_3a_statistics_allocate() function within the Linux kernel's media/atomisp driver. The function allocates memory for rgby_data without verifying the allocation success. When rgby_data allocation fails (typically under memory pressure), the subsequent call to ia_css_s3a_hmem_decode() contains an assertion (assert(host_stats->rgby_data)) that triggers, causing a kernel panic or system crash. This represents a CWE-20 (Improper Input Validation) weakness where return values from memory allocation functions are not checked. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low attack complexity, low privileges required, no user interaction, and high availability impact. The vulnerability affects Siemens industrial networking products incorporating the vulnerable kernel component, specifically RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family when running SINEC OS with the affected kernel version.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-supplied firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE product families per Siemens ProductCERT guidance
  • Review and implement CISA ICS recommended practices for defense-in-depth strategies in industrial control system environments
  • Monitor Siemens ProductCERT advisory SSA-355557 for additional product-specific remediation details or configuration guidance
  • Validate memory allocation error handling in custom kernel modules utilizing atomisp or similar media driver components
  • Implement network segmentation and access controls to limit local attack vector exposure for affected industrial networking equipment

Evidence notes

Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with high availability impact. Remediation guidance specifies firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products.

Official resources

2025-08-12