CVE-2024-56724 Siemens CVE debrief

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM RST2428P switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH series devices in operational technology (OT) environments. Security teams responsible for firmware lifecycle management in industrial control systems should prioritize assessment given the high availability impact. System integrators and asset owners in critical infrastructure sectors utilizing Siemens networking equipment should evaluate exposure and coordinate with Siemens support channels for patch deployment planning.

Technical summary

The vulnerability exists in the mfd: intel_soc_pmic_bxtwc Linux kernel driver, specifically in its IRQ domain implementation for the TMU device. While the architectural conversion to hierarchical IRQ chips was sound in design, the implementation introduced a condition where platform_get_irq() would trigger WARN() assertions on IRQ 0. In Linux kernel interrupt handling, IRQ 0 is a valid virtual IRQ number, and the driver's failure to properly handle this case represents an inherited vulnerability from the conversion effort. The CVSS 3.1 scoring (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reflects that successful exploitation requires local access with low privileges, resulting in high availability impact—consistent with kernel driver failures that can cause system instability or denial of service. The vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel component, specifically the RUGGEDCOM RST2428P and multiple SCALANCE product families running affected firmware versions prior to V3.2.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
• Review Siemens SSA-355557 advisory for specific configuration guidance on SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family products
• Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
• Monitor for additional vendor communications regarding patch availability and deployment timelines
• Assess exposure of affected devices to local access vectors given the AV:L (local) attack vector requirement

Evidence notes

The vulnerability description indicates this is an inherited implementation flaw in IRQ domain conversion for the Intel SoC PMIC BXTWC driver. The CVSS vector confirms local attack requirements with high availability impact. Siemens ProductCERT advisory SSA-355557 serves as the authoritative vendor source, with CISA ICSA-25-226-07 providing government advisory coordination. The revision history shows active maintenance of this advisory with four documented updates addressing product scope corrections and configuration clarifications.

Official resources