CVE-2024-56780 Siemens CVE debrief

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P industrial Ethernet switches or SCALANCE XC/XR/XCM/XRM/XCH/XRH industrial Ethernet switches in critical infrastructure environments, particularly those utilizing SINEC OS and requiring filesystem freeze operations for maintenance or backup procedures.

Technical summary

The vulnerability resides in the Linux kernel's disk quota implementation. During quota writeback triggered by filesystem freeze operations, the quota_release_work workqueue item may not be properly flushed, potentially causing synchronization issues. The affected call chain originates from freeze_super() through ext4_sync_fs() to dquot_writeback_dquots(). This is classified as CWE-833 (Deadlock) based on the advisory references. The CVSS 3.1 score of 4.7 (Medium) reflects local attack requirements and high complexity, with availability impact as the primary concern.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided firmware updates to V3.2 or later for affected RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
• For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update availability
• Implement network segmentation for industrial control systems to limit exposure of affected devices
• Monitor vendor security advisories for additional product-specific guidance
• Follow CISA ICS recommended practices for defense-in-depth strategies

Evidence notes

CVE description and affected product information sourced from CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. CVSS 3.1 vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with high attack complexity, low privileges required, and high availability impact.

Official resources