PatchSiren cyber security CVE debrief
CVE-2024-26635 Siemens CVE debrief
CVE-2024-26635 is a Linux kernel vulnerability in the LLC (Logical Link Control) subsystem, specifically involving the removal of support for ETH_P_TR_802_2. The vulnerability was resolved by dropping support for this protocol identifier. The issue was published on August 12, 2025, with subsequent modifications through February 25, 2026. Siemens has identified this vulnerability as affecting certain industrial networking products, including the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The CISA CSAF advisory ICSA-25-226-15, republished on February 25, 2026, incorporates updates from Siemens ProductCERT advisory SSA-613116. Notably, the threat assessment categorizes the impact as 'Misinformed' for affected products, suggesting potential information disclosure or integrity concerns related to protocol handling. No CVSS score is currently available in the source data. Organizations should consult vendor guidance for patch availability and apply kernel updates as provided by Siemens for affected SINEC OS versions.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P switches running SINEC OS. OT security teams managing legacy protocol environments and Linux kernel maintainers for embedded industrial systems.
Technical summary
The vulnerability exists in the Linux kernel's Logical Link Control (LLC) implementation. The fix involves removing support for the ETH_P_TR_802_2 protocol type, indicating a potential security issue with how this legacy protocol identifier was handled. The ETH_P_TR_802_2 constant relates to IEEE 802.2 LLC over Token Ring networks, a largely obsolete networking technology. The removal suggests possible memory safety issues, protocol confusion attacks, or information disclosure risks associated with continued support for this protocol type in modern kernel versions.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed affected product versions and patch availability
- Apply SINEC OS updates as provided by Siemens to address the kernel-level LLC vulnerability
- Verify network segmentation for affected SCALANCE and RUGGEDCOM devices to limit potential attack surface
- Monitor CISA ICS advisories for additional guidance on industrial control system protections
- Assess whether ETH_P_TR_802_2 protocol support is required in your environment; removal of this legacy protocol support is the implemented fix
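For the last action above, one way to check a running Linux host is to look at which protocol types have a registered receive handler. This is an added example, not code from the debrief, Siemens or the kernel; it assumes (as in the kernel's net/llc code before the fix) that the llc module registers its llc_rcv handler for ETH_P_TR_802_2, type 0x0011, which /proc/net/ptype then lists.

```python
from typing import Dict, List

ETH_P_802_2 = 0x0004     # IEEE 802.2 LLC over Ethernet; still supported after the fix
ETH_P_TR_802_2 = 0x0011  # IEEE 802.2 LLC over Token Ring; support dropped by the fix

def parse_ptype(text: str) -> Dict[str, List[str]]:
    """Parse /proc/net/ptype into {type: [handler, ...]}.
    Data lines are "<type> <device> <function>": <type> is a 4-digit hex
    EtherType or "ALL", <device> is blank for all-interface handlers, and
    <function> may carry a trailing " [module]" suffix."""
    handlers: Dict[str, List[str]] = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "Type":  # skip blank lines and the header
            continue
        body = tokens[1:]
        if body and body[-1].startswith("[") and body[-1].endswith("]"):
            body = body[:-1]                   # drop the "[module]" annotation
        if body:                               # device name, if any, precedes the function
            handlers.setdefault(tokens[0].lower(), []).append(body[-1])
    return handlers

def tr_llc_handlers(text: str) -> List[str]:
    """Handlers registered for ETH_P_TR_802_2 (0x0011). Non-empty means the
    kernel still accepts this legacy type; empty is not proof of a patched
    kernel, because the llc module may simply not be loaded yet."""
    return parse_ptype(text).get(f"{ETH_P_TR_802_2:04x}", [])

# Constructed sample output, modelled on the kernel's ptype_seq_show() layout.
SAMPLE_UNPATCHED = """Type Device      Function
ALL           packet_rcv
0800          ip_rcv
0004          llc_rcv [llc]
0011          llc_rcv [llc]
86dd          ipv6_rcv
"""
# Same host after the fix: the 0x0011 registration is gone.
SAMPLE_PATCHED = "\n".join(
    l for l in SAMPLE_UNPATCHED.splitlines() if not l.startswith("0011")) + "\n"

if __name__ == "__main__":
    try:
        with open("/proc/net/ptype") as fh:
            found = tr_llc_handlers(fh.read())
    except OSError:
        found = tr_llc_handlers(SAMPLE_UNPATCHED)  # not on Linux: use the sample
    print("ETH_P_TR_802_2 handlers:", found or "none registered")
```

On SINEC OS appliances this check is only possible where the vendor exposes a shell; otherwise rely on the SSA-613116 version table.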
Evidence notes
Vulnerability description sourced from CVE record and CISA CSAF advisory ICSA-25-226-15. Vendor attribution to Siemens confirmed through CSAF product tree with high confidence. Timeline derived from CVE published/modified dates and CSAF revision history. Threat impact categorization of 'Misinformed' sourced directly from CSAF threats array.
Official resources
- CVE-2024-26635 CVE record (CVE.org)
- CVE-2024-26635 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12