PatchSiren cyber security CVE debrief
CVE-2024-26664 Siemens CVE debrief
CVE-2024-26664 is an out-of-bounds memory access vulnerability in the Linux kernel's hwmon (coretemp) subsystem. The vulnerability was resolved in the Linux kernel, and Siemens has assessed its impact on affected industrial networking products. According to the CISA CSAF advisory ICSA-25-226-15, Siemens has categorized the impact as 'Misinformed' for affected products including the RUGGEDCOM RST2428P and SCALANCE X-family devices. The advisory was initially published on August 12, 2025, and most recently updated on February 25, 2026, to incorporate changes from Siemens ProductCERT advisory SSA-613116. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment, particularly RUGGEDCOM RST2428P switches and SCALANCE X-family devices (XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families) in industrial control system (ICS) environments. Security teams responsible for OT/ICS infrastructure patch management and vulnerability assessment programs should prioritize review of vendor-specific impact assessments.
Technical summary
CVE-2024-26664 is an out-of-bounds memory access vulnerability in the Linux kernel's hardware monitoring (hwmon) coretemp driver. The vulnerability has been resolved in the upstream Linux kernel. Siemens has evaluated this CVE against its industrial networking product portfolio, including RUGGEDCOM RST2428P and SCALANCE X-family devices running SINEC OS. Per the CISA CSAF advisory ICSA-25-226-15, Siemens has classified the impact as 'Misinformed' for affected products, indicating that its assessment of actual vulnerability exposure differs from the original CVE classification. The advisory has been updated multiple times, most recently on February 25, 2026, to align with Siemens ProductCERT advisory SSA-613116. Organizations should consult the Siemens ProductCERT advisory for specific patch and mitigation guidance applicable to their deployed devices.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance
- Verify SINEC OS and firmware versions on affected SCALANCE and RUGGEDCOM devices
- Apply vendor-provided patches or updates as specified in Siemens security advisories
- Monitor CISA ICS advisories for additional guidance on industrial control system security
Evidence notes
The vulnerability description indicates a resolved Linux kernel hwmon (coretemp) out-of-bounds memory access issue. Siemens has assessed impact as 'Misinformed' per the threats section of the source CSAF document. The advisory revision history shows four updates, with the latest incorporating Siemens ProductCERT SSA-613116 advisory changes.
Official resources
- CVE-2024-26664 CVE record (CVE.org)
- CVE-2024-26664 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
This CVE was published on August 12, 2025, and last modified on February 25, 2026. The source advisory ICSA-25-226-15 underwent multiple revisions, with the most significant update on February 25, 2026, republishing based on Siemens Product