OTPulse

Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2

Act Now | CVSS 9.1 | SSA-355557 | Aug 12, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SINEC OS before V3.2 contains multiple vulnerabilities in third-party components including memory safety issues (buffer overflow, use-after-free, out-of-bounds access), input validation flaws, and resource management problems. These affect RUGGEDCOM RST2428P and SCALANCE XC/XR/XCM/XRM/XCH/XRH-300 family devices. Vulnerabilities allow remote unauthenticated attackers to execute arbitrary code or cause denial of service. Siemens recommends updating to SINEC OS V3.2 or later.

What this means
What could happen
Multiple vulnerabilities in third-party components could allow an unauthenticated remote attacker to execute arbitrary commands or cause a denial of service on critical network infrastructure devices, disrupting communication and control systems in water/electric utility networks.
Who's at risk
This affects Siemens RUGGEDCOM and SCALANCE industrial switches and gateways that are commonly used in water and electric utility networks for secure communication between control systems. Any utility relying on these devices for SCADA connectivity should treat this as critical.
How it could be exploited
An attacker can send specially crafted network packets to the affected device from the internet (no authentication required). The device processes these packets using vulnerable third-party components, which could allow code execution or memory corruption, leading to system compromise or crash.
Prerequisites
  • Network reachability to the affected device on its management or operational ports
  • No credentials required for exploitation
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Actively exploited (KEV)
  • High EPSS score (13.9%)
  • Critical CVSS (9.1)
  • Affects network infrastructure devices critical to utility operations
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM RST2428P (6GK6242-6PA00) | < 3.2 | 3.2
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family | < 3.2 | 3.2
SCALANCE XCM-/XRM-/XCH-/XRH-300 family | < 3.2 | 3.2
Remediation & Mitigation
Do now
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
HOTFIX: Update SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices to SINEC OS V3.2 or later
SCALANCE XCM-/XRM-/XCH-/XRH-300 family
HOTFIX: Update SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices to SINEC OS V3.2 or later
All products
HOTFIX: Update RUGGEDCOM RST2428P to SINEC OS V3.2 or later
WORKAROUND: Restrict network access to affected devices using firewall rules; only allow connections from authorized engineering workstations and management networks until patching is complete
CVEs (486)