CVE-2024-0841 Siemens CVE debrief

Who should care

Organizations operating Siemens SCALANCE X-family industrial Ethernet switches or RUGGEDCOM RST2428P devices in critical infrastructure, manufacturing, or OT environments. Security teams responsible for patch management of industrial control systems and network infrastructure administrators managing Siemens SINEC OS deployments.

Technical summary

The vulnerability resides in the hugetlbfs_fill_super function, which handles initialization of the hugetlbfs filesystem for HugeTLB (huge page) memory management in the Linux kernel. A null pointer dereference condition can be triggered, leading to kernel panic (system crash) or potential local privilege escalation. This affects Siemens industrial networking equipment running SINEC OS, which incorporates the vulnerable Linux kernel component. The attack vector requires local access, limiting exposure to authenticated users with system access.

Defensive priority

high

Recommended defensive actions

• Review Siemens ProductCERT Security Advisory SSA-613116 for affected product versions and patch availability
• Apply vendor-provided firmware updates for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and RUGGEDCOM RST2428P as directed by Siemens
• Restrict local system access to authorized personnel only to reduce attack surface for local privilege escalation vectors
• Monitor CISA ICS advisories for additional updates to ICSA-25-226-15
• Implement defense-in-depth strategies for industrial control systems per CISA recommended practices

Evidence notes

Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-15. Affected product identification confirmed through CSAF product tree with high confidence. Timeline derived from advisory revision history: initial publication 2025-08-12, updated 2026-02-12 (product corrections), 2026-02-24 (removed rejected CVEs), 2026-02-25 (CISA republication with Siemens advisory updates).

Official resources