PatchSiren cyber security CVE debrief
CVE-2024-26615 Siemens CVE debrief
A vulnerability in the Linux kernel's Shared Memory Communications over Direct Memory Access (SMC-D) subsystem could allow illegal memory access during connection dump operations. The issue stems from improper handling of the rmb_desc (remote memory buffer descriptor) structure when dumping SMC-D connection state. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability was resolved in the Linux kernel with a fix for illegal rmb_desc access. Organizations should apply vendor-provided updates and follow CISA's ICS recommended practices for defense-in-depth strategies.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families) and RUGGEDCOM RST2428P devices. Critical infrastructure operators, manufacturing facilities, and utility providers using these products in operational technology environments should prioritize assessment and patching.
Technical summary
The vulnerability exists in the Linux kernel's net/smc subsystem, specifically in the SMC-D (Shared Memory Communications over Direct Memory Access) connection dump functionality. The issue involves illegal access to the rmb_desc (remote memory buffer descriptor) structure during connection state dumping operations. SMC-D is used for high-performance memory-based communication between systems. The vulnerability was resolved with a kernel patch that corrects the rmb_desc access pattern. Siemens industrial networking products running SINEC OS incorporate the affected Linux kernel components, making them vulnerable if running unpatched versions. The CISA advisory (ICSA-25-226-15) republishes Siemens' ProductCERT guidance with corrections to the affected product list as of February 2026.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens SCALANCE and RUGGEDCOM products as specified in Siemens ProductCERT advisory SSA-613116
- Implement network segmentation for industrial control systems to limit exposure of affected devices
- Follow CISA's ICS recommended practices for defense-in-depth strategies
- Monitor vendor security advisories for additional affected product announcements
- Review and update incident response procedures for industrial control system environments
Evidence notes
The vulnerability description indicates a resolved Linux kernel issue in net/smc affecting SMC-D connection dump operations. Siemens ProductCERT advisory SSA-613116 (republished by CISA as ICSA-25-226-15) identifies affected industrial control products. The source advisory underwent multiple revisions, with the most recent update on 2026-02-25 correcting product affected status and removing rejected CVEs. No CVSS score is provided in the source data. The threat category is marked as 'impact' with 'Misinformed' details per CSAF data.
Official resources
-
CVE-2024-26615 CVE record
CVE.org
-
CVE-2024-26615 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12