PatchSiren cyber security CVE debrief
CVE-2024-56723 Siemens CVE debrief
CVE-2024-56723 is a medium-severity vulnerability (CVSS 5.5) affecting the Intel SoC PMIC BXTWC driver in the Linux kernel. The issue stems from an implementation flaw in the driver's conversion to use IRQ domain hierarchy for PMIC devices, where platform_get_irq() triggers warnings on IRQ 0—a value that should represent a valid Linux virtual IRQ number rather than an error condition. This vulnerability was inherited from previous implementation patterns and became exposed when kernel validation tightened. Siemens has identified this CVE as affecting multiple industrial networking product families: RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. The vulnerability was first published on August 12, 2025, with subsequent advisory updates through February 25, 2026, including corrections to affected product lists and removal of rejected CVEs.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly in critical infrastructure sectors. System administrators managing RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH family devices. OT security teams responsible for patch management in industrial control environments. Organizations subject to NERC CIP or similar industrial cybersecurity frameworks requiring vulnerability remediation timelines.
Technical summary
The vulnerability exists in the intel_soc_pmic_bxtwc MFD (Multi-Function Device) driver, which manages power management ICs on Intel Broxton-based platforms. The driver's IRQ domain implementation fails to properly handle cases where platform_get_irq() returns 0, triggering kernel warnings. While the architectural approach of using IRQ chip hierarchy is sound, the implementation contains inherited vulnerabilities in error handling paths. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low complexity, low privilege requirements, and high availability impact—consistent with a denial-of-service condition through improper IRQ handling. The vulnerability is not known to be exploited in the wild (E:U) and has an official fix available (RL:O).
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE product families per Siemens ProductCERT guidance
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family deployments, consult Siemens support documentation for specific configuration guidance
- Implement network segmentation for affected industrial control systems to limit local attack vector exposure
- Monitor for anomalous system behavior indicative of IRQ handling issues on affected devices
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
- Verify patch deployment through Siemens Industry Online Support portal
- resourceLinkAnnotations: [ref-4, ref-5, ref-6, ref-8]
Evidence notes
Vulnerability description and affected products derived from CISA CSAF advisory ICSA-25-226-07 and Siemens ProductCERT SSA-355557. CVSS vector confirms local attack vector with low attack complexity, requiring low privileges and resulting in high availability impact.
Official resources
-
CVE-2024-56723 CVE record
CVE.org
-
CVE-2024-56723 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12