PatchSiren cyber security CVE debrief
CVE-2024-56756 Siemens CVE debrief
CVE-2024-56756 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's NVMe PCI driver affecting Siemens industrial networking products. The flaw stems from an incorrect size parameter passed to dma_free_coherent() during Host Memory Buffer (HMB) descriptor table deallocation. Specifically, __nvme_alloc_host_mem() may allocate fewer descriptors than originally planned, yet the original (larger) size is used when freeing the table, leading to potential memory corruption or system instability. This is a local attack vector requiring low privileges with no user interaction, resulting in high availability impact. The vulnerability was published on August 12, 2025, and the advisory was last modified on February 25, 2026, when CISA republished updates based on Siemens ProductCERT advisory SSA-355557. Affected products include RUGGEDCOM RST2428P switches and multiple SCALANCE industrial Ethernet switch families running SINEC OS. Siemens has released firmware updates to address this issue.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE industrial Ethernet switches in critical infrastructure environments, particularly those in manufacturing, energy, and transportation sectors where high availability is essential. Security teams responsible for OT/ICS asset management and patch deployment should prioritize this update within standard maintenance windows given the local privilege requirement and availability impact.
Technical summary
The vulnerability exists in the nvme-pci kernel module where __nvme_alloc_host_mem() dynamically determines the number of HMB descriptors based on available host memory. When fewer descriptors are allocated than the initially computed maximum, the subsequent dma_free_coherent() call incorrectly uses the original size parameter rather than the actual allocated size. This size mismatch can lead to undefined behavior during memory deallocation. The flaw is categorized as CWE-20 (Improper Input Validation). Affected Siemens products incorporate this vulnerable kernel component in their SINEC OS firmware. Remediation requires firmware updates to version 3.2 or later, with specific configuration-dependent guidance for certain SCALANCE product families.
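The size invariant behind this flaw, as an added example that is not taken from the advisory or from kernel code: a constructed user-space model in which the free routine checks the size it is handed, contrasting a size recomputed from a descriptor count at free time with a size recorded at allocation. The names `desc_table`, `checked_free`, `free_recomputed` and `free_recorded` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Constructed model, not kernel code. Like dma_free_coherent(), the free
 * routine is handed a size by its caller; unlike it, this one checks it. */
struct hmb_desc { uint64_t addr; uint32_t size; uint32_t rsvd; };
struct desc_table {
    void  *mem;
    size_t alloc_size;   /* what the allocator actually handed out */
    size_t descs_size;   /* size recorded by the owner at allocation time */
};

static int table_alloc(struct desc_table *t, unsigned count_at_alloc)
{
    size_t size = (size_t)count_at_alloc * sizeof(struct hmb_desc);
    t->mem = calloc(1, size);
    if (!t->mem) return -1;
    t->alloc_size = t->descs_size = size;
    return 0;
}

/* Returns 0 when the size matches the allocation, -1 on a mismatch. */
static int checked_free(struct desc_table *t, size_t size)
{
    int rc = (size == t->alloc_size) ? 0 : -1;
    free(t->mem);
    return rc;
}

/* Fragile: size re-derived from whatever descriptor count is current. */
int free_recomputed(unsigned count_at_alloc, unsigned count_at_free)
{
    struct desc_table t;
    if (table_alloc(&t, count_at_alloc)) return -2;
    return checked_free(&t, (size_t)count_at_free * sizeof(struct hmb_desc));
}

/* Hardened: free with the size stored when the table was allocated. */
int free_recorded(unsigned count_at_alloc)
{
    struct desc_table t;
    if (table_alloc(&t, count_at_alloc)) return -2;
    return checked_free(&t, t.descs_size);
}

int main(void)
{
    printf("mismatch=%d match=%d recorded=%d\n", free_recomputed(8, 5), free_recomputed(8, 8), free_recorded(8));
    return 0;
}
```

Any drift between the count used at allocation and the count used at free produces a mismatch in the recomputed path, while the recorded-size path cannot drift.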
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM and SCALANCE products per Siemens ProductCERT guidance
- Review SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family configurations for specific patch applicability as noted in vendor advisory
- Implement network segmentation for industrial control systems to limit local attack vector exposure
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor Siemens ProductCERT portal for additional updates to SSA-355557
Evidence notes
The vulnerability description is derived from the CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack vector with high availability impact. The February 25, 2026 modification reflects CISA republication based on updated Siemens advisory content.
Official resources
- CVE-2024-56756 CVE record (CVE.org)
- CVE-2024-56756 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12