PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-26663 Siemens CVE debrief

CVE-2024-26663 is a vulnerability in the Linux kernel's Transparent Inter-Process Communication (TIPC) subsystem. The issue involves a missing validation check on bearer type before calling `tipc_udp_nl_bearer_add()`, which could lead to improper handling of network bearer configuration. The vulnerability was resolved by adding a check to validate the bearer type prior to the function call. This CVE was published on August 12, 2025, and last modified on February 25, 2026. Siemens has identified this vulnerability as affecting certain industrial networking products, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. The CISA CSAF advisory ICSA-25-226-15, which republished Siemens' SSA-613116 security advisory, tracks this issue for industrial control systems. The advisory has undergone multiple revisions, with the most recent update on February 25, 2026, correcting affected product listings and removing rejected CVEs from related advisories.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking equipment including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches, SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, and RUGGEDCOM RST2428P switches running SINEC OS. System administrators managing Linux-based industrial control systems and OT security teams responsible for network infrastructure in critical manufacturing, energy, and transportation sectors.

Technical summary

The vulnerability exists in the Linux kernel's Transparent Inter-Process Communication (TIPC) networking subsystem. Specifically, the function `tipc_udp_nl_bearer_add()` was being called without first validating the bearer type, potentially allowing improper bearer configuration. The fix adds a validation check to ensure the bearer type is appropriate before proceeding with UDP bearer addition operations. This is a defensive coding issue in the kernel's netlink-based TIPC configuration interface.
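To make the shape of the fix concrete, here is a simplified C model added for this debrief; it is not the Linux kernel's code, and the names (`bearer`, `media_type`, `udp_bearer_add`, `probe`) are assumptions chosen to mirror the description above. It contrasts an unchecked "bearer add" path, which hands any bearer carrying UDP options to the UDP-specific routine, with the checked path that first confirms the bearer's media type is UDP.

```c
/* Simplified model of the CVE-2024-26663 fix (added example, not kernel code). */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

enum media_type { MEDIA_ETH = 1, MEDIA_IB = 2, MEDIA_UDP = 3 };

struct bearer {
    const char *name;
    enum media_type media_type;  /* which media backs this bearer */
    void *media_ptr;             /* layout depends on media_type */
};

/* Assumed stand-in for the UDP-specific add routine: it only makes sense
 * when the bearer really is a UDP bearer. Here it just records being reached. */
static int udp_bearer_add(struct bearer *b, const char *udp_opts, int *reached)
{
    (void)b; (void)udp_opts;
    *reached = 1;
    return 0;
}

/* Vulnerable shape: UDP options present -> UDP routine called for any bearer. */
static int bearer_add_unchecked(struct bearer *b, const char *udp_opts, int *reached)
{
    *reached = 0;
    return udp_opts ? udp_bearer_add(b, udp_opts, reached) : 0;
}

/* Fixed shape: validate the bearer type before the UDP-specific call. */
static int bearer_add_checked(struct bearer *b, const char *udp_opts, int *reached)
{
    *reached = 0;
    if (!udp_opts)
        return 0;
    if (b->media_type != MEDIA_UDP)
        return -EINVAL;  /* the validation the fix introduces */
    return udp_bearer_add(b, udp_opts, reached);
}

/* Constructed probe: returns -errno on rejection, else 1 if the UDP routine ran, 0 if not. */
static int probe(bool use_check, enum media_type mt, const char *udp_opts)
{
    struct bearer b = { "constructed-bearer", mt, NULL };
    int reached = 0;
    int rc = use_check ? bearer_add_checked(&b, udp_opts, &reached)
                       : bearer_add_unchecked(&b, udp_opts, &reached);
    return rc < 0 ? rc : reached;
}
```

Running `probe(false, MEDIA_ETH, "remoteip=10.0.0.2")` reaches the UDP routine with an Ethernet bearer, while the checked variant returns `-EINVAL` for the same input and still accepts a genuine UDP bearer.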

Defensive priority

Medium

Recommended defensive actions

  • Review Siemens SSA-613116 security advisory for affected product versions and patch availability
  • Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices
  • Apply vendor-provided firmware updates when available
  • Monitor CISA ICS advisories for additional guidance on industrial control system protections
  • Implement network segmentation for industrial control systems per CISA recommended practices

Evidence notes

The vulnerability description is sourced from the Linux kernel commit message indicating a resolved issue in TIPC bearer handling. Vendor attribution to Siemens comes from the CSAF product tree with high confidence. The CISA CSAF source (ICSA-25-226-15) republishes Siemens' SSA-613116 advisory. The revision history shows the advisory was initially published on 2025-08-12, with updates on 2026-02-12 (corrected affected products), 2026-02-24 (removed unsupported version notes and rejected CVEs), and 2026-02-25 (CISA republication based on updated Siemens advisory). The threat category is marked as 'impact' with details 'Misinformed' per the source CSAF data.

Official resources

2025-08-12