PatchSiren cyber security CVE debrief
CVE-2024-56754 Siemens CVE debrief
A medium-severity vulnerability in the Linux kernel's CAAM (Cryptographic Accelerator and Assurance Module) driver affects Siemens industrial networking products. The issue stems from passing an incorrect parameter type to devm_add_action_or_reset(), which can lead to improper resource release. This local vulnerability requires low privileges to exploit and could result in high availability impact. Siemens has released updates to address this issue in affected RUGGEDCOM and SCALANCE product families.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 family industrial Ethernet switches in critical infrastructure environments, including utilities, manufacturing, and transportation sectors.
Technical summary
The vulnerability exists in the Linux kernel's Cryptographic Accelerator and Assurance Module (CAAM) driver, where a pointer of the wrong type is passed as the data argument to devm_add_action_or_reset(). This device resource management function registers a cleanup callback that runs automatically when the device is detached. Because the data argument is a generic pointer, the mismatch is not caught at compile time; the callback then operates on the wrong object, so the resource release mechanism can fail, potentially leading to resource leaks or system instability. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack requiring low privileges and no user interaction, with high impact on availability and none on confidentiality or integrity. The fix ensures the correct pointer type is passed so the resource is released properly.
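As an added illustration, not code from the advisory or from the kernel's CAAM driver: a small userland model of the devm_add_action_or_reset() pattern. The real API takes its data argument as a generic pointer, so a pointer to the wrong structure compiles without complaint and the cleanup callback dereferences the wrong object. The structure names, the object tag field, the counter and the typed wrapper are all constructed for this example; the tag check inside the callback stands in for the misread memory a real driver would see.

```c
#include <stdio.h>
#include <stddef.h>

/* Userland model of the kernel's devm action list (constructed for this
 * example; it is not the kernel implementation). */
typedef void (*devm_action_t)(void *data);

struct devm_action {
    devm_action_t action;
    void *data;
};

#define MAX_ACTIONS 8
#define KIND_DEVICE 0x1
#define KIND_PRIV   0x2

struct device {
    int kind;                 /* object tag, first member so it can be read through a void * */
    const char *name;
    int released;             /* set when the cleanup action ran on the right object */
    struct devm_action actions[MAX_ACTIONS];
    int n_actions;
};

/* Stand-in for a driver-private structure allocated during probe (constructed). */
struct drv_private {
    int kind;
    struct device *dev;
    int jobs_pending;
};

/* Model of devm_add_action_or_reset(): queue a cleanup action to run on
 * device detach; on failure the action runs immediately, as in the kernel. */
int devm_add_action_or_reset(struct device *dev, devm_action_t action, void *data)
{
    if (dev->n_actions >= MAX_ACTIONS) {
        action(data);
        return -1;
    }
    dev->actions[dev->n_actions].action = action;
    dev->actions[dev->n_actions].data = data;
    dev->n_actions++;
    return 0;
}

/* Model of device detach: run queued actions in reverse registration order. */
void devm_release_all(struct device *dev)
{
    while (dev->n_actions > 0) {
        struct devm_action a = dev->actions[--dev->n_actions];
        a.action(a.data);
    }
}

/* Counts how often a cleanup action received a pointer of the wrong type. */
static int wrong_object_count = 0;

/* Cleanup action written to receive a struct device pointer. The tag check is
 * a defensive addition for this example; a callback that simply casts and
 * dereferences would instead read the wrong memory. */
static void dev_shutdown(void *data)
{
    int kind = *(const int *)data;   /* first member of either struct */
    if (kind != KIND_DEVICE) {
        wrong_object_count++;
        return;                      /* wrong object: device is never released */
    }
    ((struct device *)data)->released = 1;
}

/* Typed wrapper: passing the wrong structure here is an incompatible-pointer
 * diagnostic at compile time rather than a silent conversion to void *. */
static inline int devm_add_dev_shutdown(struct device *dev, struct device *target)
{
    return devm_add_action_or_reset(dev, dev_shutdown, target);
}

/* Correct registration: the data pointer matches what dev_shutdown() expects. */
int probe_correct(struct device *dev, struct drv_private *priv)
{
    (void)priv;
    return devm_add_dev_shutdown(dev, dev);
}

/* Defect class from the advisory: the private structure is passed as data.
 * Because the parameter is void *, the compiler accepts it silently. */
int probe_buggy(struct device *dev, struct drv_private *priv)
{
    return devm_add_action_or_reset(dev, dev_shutdown, priv);
}

/* Runs one probe/detach cycle; returns 1 if cleanup reached the device, 0 if not. */
int run_scenario(int buggy)
{
    struct device dev = { .kind = KIND_DEVICE, .name = "model-dev", .released = 0, .n_actions = 0 };
    struct drv_private priv = { .kind = KIND_PRIV, .dev = &dev, .jobs_pending = 0 };
    int rc = buggy ? probe_buggy(&dev, &priv) : probe_correct(&dev, &priv);
    if (rc)
        return -1;
    devm_release_all(&dev);
    return dev.released;
}

int main(void)
{
    printf("correct registration: released=%d\n", run_scenario(0));
    printf("buggy registration:   released=%d (wrong-object callbacks=%d)\n",
           run_scenario(1), wrong_object_count);
    return 0;
}
```

The design point for reviewers of driver code is the typed wrapper: when a cleanup callback expects one specific structure, wrapping the void * registration in a function with a typed parameter turns this class of mistake into a compile-time diagnostic instead of a detach-time failure.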
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates: update RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to V3.2 or later
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update paths
- Implement defense-in-depth strategies for industrial control systems per CISA recommended practices
- Restrict local access to affected devices to authorized personnel only
- Monitor for anomalous system behavior or unexpected resource exhaustion on affected devices
Evidence notes
CVE published 2025-08-12; CISA advisory ICSA-25-226-07 published same date; advisory modified 2026-02-25 with republication based on Siemens ProductCERT SSA-355557. CVSS 5.5 (MEDIUM) per source. Affects Siemens RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families. Root cause: incorrect parameter type passed to devm_add_action_or_reset() in CAAM crypto driver.
Official resources
- CVE-2024-56754 CVE record (CVE.org)
- CVE-2024-56754 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (7 entries)
2025-08-12