PatchSiren

CVE-2025-39724 Cert Portal CVE debrief

CVE-2025-39724 is a denial-of-service vulnerability affecting Siemens SIMATIC CN 4100 systems identified in the Siemens/CISA advisories. The issue can cause a kernel panic in the Linux serial 8250 path when UART activity and FIFO handling race under specific conditions, leading to loss of availability. Siemens’ remediation is to update to V5.0 or later.

Vendor: Cert Portal
Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

OT operators, plant engineers, and system administrators responsible for Siemens SIMATIC CN 4100 devices, especially in environments where the serial console/UART is active and the affected firmware/software version is below 5.0. Security teams should also care: although the impact is limited to availability, it can still disrupt industrial operations.

Technical summary

The advisory describes a race in the Linux kernel 8250 serial driver path. During startup, serial_port_out(port, UART_LCR, UART_LCR_WLEN8) can call dw8250_check_lcr(), which may invoke dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). With FIFO enabled, a subsequent read from an empty receive buffer can trigger PSLVERR when PSLVERR_RESP_EN is set. If another CPU is already using the UART, the lock check can fail and the code enters the force-idle path, contributing to the panic. The published fix is to place serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under port->lock.

Defensive priority

High for affected OT deployments because the flaw can crash the device or subsystem and interrupt operations, even though the CVSS score is medium (5.5) and exploitation requires local access with low privileges.

Recommended defensive actions

  • Update Siemens SIMATIC CN 4100 to V5.0 or later as directed in the Siemens advisory.
  • Confirm whether the device is in the affected version range before scheduled maintenance or change windows.
  • Review whether the UART/serial console path is actively used in production and reduce unnecessary local access where possible.
  • Monitor for unexpected kernel panics or serial console faults on affected systems until remediation is complete.
  • Use the official Siemens and CISA advisories to validate product applicability and remediation steps.
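
Added example, not taken from the Siemens or CISA advisories: a Python check of reported firmware versions against the Product field's range string vers:intdot/<5.0, comparing dot-separated integers numerically so that 4.10 sorts above 4.9 and "5" equals "5.0". The inventory, the host names and the leading "V" on reported versions are assumptions made for the example; only a single constraint or a lower|upper pair is handled.

```python
import re

COMPARATORS = ("<=", ">=", "!=", "<", ">", "=")  # two-character operators first
CHECKS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0, ">": lambda c: c > 0,
          ">=": lambda c: c >= 0, "=": lambda c: c == 0, "!=": lambda c: c != 0}

def parse_intdot(version):
    """'V4.0.1' -> (4, 0, 1). The leading 'V' is an assumed reporting format."""
    text = version.strip().lstrip("Vv")
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted-integer version: {version!r}")
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """Return -1, 0 or 1; pads with zeros so that 5 and 5.0 compare equal."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)

def parse_vers(spec):
    """'vers:intdot/<5.0' -> [('<', (5, 0))]."""
    scheme, _, constraints = spec.removeprefix("vers:").partition("/")
    if not spec.startswith("vers:") or scheme != "intdot" or not constraints:
        raise ValueError(f"unsupported range: {spec!r}")
    parsed = []
    for item in constraints.split("|"):
        # A constraint with no comparator means equality.
        op = next((c for c in COMPARATORS if item.startswith(c)), "=")
        parsed.append((op, parse_intdot(item.removeprefix(op))))
    return parsed

def in_range(version, spec):
    """Handles one constraint, or a lower|upper pair; anything else is rejected."""
    constraints = parse_vers(spec)
    ops = [op for op, _ in constraints]
    if len(ops) > 2 or (len(ops) == 2 and (ops[0][0], ops[1][0]) != (">", "<")):
        raise ValueError(f"constraint shape not handled here: {spec!r}")
    v = parse_intdot(version)
    return all(CHECKS[op](compare(v, bound)) for op, bound in constraints)

# Constructed inventory: host names and reported versions are made up.
INVENTORY = {"cn4100-line1": "V4.0.1", "cn4100-line2": "V5.0",
             "cn4100-lab": "V5", "cn4100-pack": "4.10"}

def affected_devices(inventory, spec="vers:intdot/<5.0"):
    """Sorted host names whose reported version falls inside the affected range."""
    return sorted(host for host, ver in inventory.items() if in_range(ver, spec))

if __name__ == "__main__":
    print(affected_devices(INVENTORY))
```

Entries that fail to parse raise ValueError rather than being treated as unaffected, so a malformed inventory record is surfaced for manual review.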

Evidence notes

CISA’s CSAF advisory (ICSA-26-134-10) republishes Siemens advisory SSA-032379 for CVE-2025-39724 and states the affected product as Siemens SIMATIC CN 4100 versions less than 5.0. The source advisory date is 2026-05-12 with a CISA republication on 2026-05-14. The technical description explicitly ties the issue to a Linux kernel serial 8250 panic, and the provided CVSS vector indicates local access, low privileges, and high availability impact only.

Official resources

Published by CISA on 2026-05-12 and republished on 2026-05-14 from Siemens ProductCERT advisory SSA-032379 as ICSA-26-134-10.