[{"vendor":"Siemens","product":"RUGGEDCOM RST2428P","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"unaffected"}]},{"vendor":"Siemens","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"unaffected"}]},{"vendor":"Siemens","product":"SCALANCE XCM-/XRM-/XCH-/XRH-300 family","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"unaffected"}]},{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]

{"timestamp":"2025-03-05T04:55:26.718337Z","id":"CVE-2024-50302","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/hid/hid-core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"27ce405039bfe6d3f4143415c638f56a3df77dca","lessThan":"e7ea60184e1e88a3c9e437b3265cbb6439aa7e26","versionType":"git","status":"affected"},{"version":"27ce405039bfe6d3f4143415c638f56a3df77dca","lessThan":"3f9e88f2672c4635960570ee9741778d4135ecf5","versionType":"git","status":"affected"},{"version":"27ce405039bfe6d3f4143415c638f56a3df77dca","lessThan":"d7dc68d82ab3fcfc3f65322465da3d7031d4ab46","versionType":"git","status":"affected"},{"version":"27ce405039bfe6d3f4143415c638f56a3df77dca","lessThan":"05ade5d4337867929e7ef664e7ac8e0c734f1aaf","versionType":"git","status":"affected"},{"version":"27ce405039bfe6d3f4143415c638f56a3df77dca","lessThan":"1884ab3d22536a5c14b17c78c2ce76d1734e8b0b","versionType":"git","status":"affected"},{"version":"27ce405039bfe6d3f4143415c638f56a3df77dca","lessThan":"9d9f5c75c0c7f31766ec27d90f7a6ac673193191","versionType":"git","status":"affected"},{"version":"27ce405039bfe6d3f4143415c638f56a3df77dca","lessThan":"492015e6249fbcd42138b49de3c588d826dd9648","versionType":"git","status":"affected"},{"version":"27ce405039bfe6d3f4143415c638f56a3df77dca","lessThan":"177f25d1292c7e16e1199b39c85480f7f8815552","versionType":"git","status":"affected"},{"version":"b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7","versionType":"git","status":"affected"},{"version":"fe6c9b48ebc920ff21c10c50ab2729440c734254","versionType":"git","status":"affected"},{"version":"3.10.16","lessThan":"3.11","versionType":"semver","status":"affected"},{"version":"3.11.5","lessThan":"3.12","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/hid/hid-core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.12","status":"affected"},{"version":"0","lessThan":"3.12","versionType":"semver","status":"unaffecte

AND
     OR
          *cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_s7-1500_tm_mfp:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:siemens:sinec_os:*:*:*:*:*:*:*:* versions up to (excluding) 3.2
     OR
          cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr552-12m:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:ruggedcom_rst2428p:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xc316-8:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xc319-4:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xc324-4:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xc324-4eec:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xc332:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xch328:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xcm324:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xcm328:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xcm332:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xrh334:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xrm334:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xc416-8:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xc419-4:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xc424-4:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xc432:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr302-32:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr322-12:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr326-8:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr326-8eec:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr502-32:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr522-12:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr524-8wg:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:scalance_xr526-8:-:*:*:*:*:*:*:*

siemens-SADP: https://cert-portal.siemens.com/productcert/html/ssa-265688.html Types: Third Party Advisory

siemens-SADP: https://cert-portal.siemens.com/productcert/html/ssa-355557.html Types: Third Party Advisory

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

https://cert-portal.siemens.com/productcert/html/ssa-355557.html

OR
          *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

CVE: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html Types: Mailing List

CVE: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html Types: Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302 Types: US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

OR
          *cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

2025-03-04

2025-03-25

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Linux Kernel Use of Uninitialized Resource Vulnerability

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-908

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NIST CWE-908

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.12 up to (excluding) 4.19.324
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.286
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.230
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.172
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.117
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.61
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.11.8
     *cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*

https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf No Types Assigned

https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf Patch

https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552 No Types Assigned

https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552 Patch

https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b No Types Assigned

https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b Patch

https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5 No Types Assigned

https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5 Patch

https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648 No Types Assigned

https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648 Patch

https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191 No Types Assigned

https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191 Patch

https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 No Types Assigned

https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 Patch

https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 No Types Assigned

https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 Patch

In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.

kernel.org https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf [No types assigned]

kernel.org https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552 [No types assigned]

kernel.org https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b [No types assigned]

kernel.org https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5 [No types assigned]

kernel.org https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648 [No types assigned]

kernel.org https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191 [No types assigned]

kernel.org https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 [No types assigned]

kernel.org https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 [No types assigned]