PatchSiren cyber security CVE debrief
CVE-2024-56728 Siemens CVE debrief
A missing error-pointer validation in the octeontx2-pf Ethernet driver (otx2_ethtool.c) allows a local attacker to trigger a denial-of-service condition. The flaw occurs when otx2_mbox_get_rsp() returns an error pointer that is subsequently dereferenced without checking, leading to a kernel crash. This vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and select SCALANCE switch families. The issue was disclosed on 12 August 2025 and carries a medium severity rating with a CVSS 3.1 score of 5.5. Siemens has released firmware updates to address the vulnerability.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family switches in industrial control system environments. System administrators responsible for firmware lifecycle management in OT networks. Security teams monitoring for local privilege escalation or denial-of-service vectors in embedded Linux systems.
Technical summary
The octeontx2-pf driver in the Linux kernel fails to validate the return value of otx2_mbox_get_rsp() in otx2_ethtool.c. When this function returns an error pointer (ERR_PTR), subsequent code dereferences the pointer without checking for the error condition, resulting in a kernel oops or panic. The vulnerability requires local access with low privileges and no user interaction, making it exploitable by authenticated users or processes on the affected system. The attack complexity is low and the primary impact is to availability (high severity), with no confidentiality or integrity impact. This driver-level vulnerability propagates to Siemens industrial networking products that incorporate the affected kernel code.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- Verify current firmware version on affected devices and prioritize updates for internet-facing or critical infrastructure deployments
- Implement network segmentation and access controls to limit local attacker access to affected devices
- Monitor for anomalous system behavior or unexpected reboots that may indicate exploitation attempts
- Review CISA ICS recommended practices for defense-in-depth strategies applicable to industrial control systems
Evidence notes
The vulnerability description indicates a missing error check after calling otx2_mbox_get_rsp() in the octeontx2-pf driver. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms local attack vector with low complexity and high availability impact. CISA advisory ICSA-25-226-07 and Siemens ProductCERT SSA-355557 provide authoritative vendor confirmation. The source revision history shows the advisory was initially published on 2025-08-12 and most recently updated on 2026-02-25 to reflect CISA republication based on Siemens advisory updates.
Official resources
-
CVE-2024-56728 CVE record
CVE.org
-
CVE-2024-56728 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12