PatchSiren cyber security CVE debrief
CVE-2024-26675 Siemens CVE debrief
A vulnerability in the Linux kernel's PPP asynchronous driver (ppp_async) allowed the Maximum Receive Unit (MRU) to exceed safe bounds, potentially enabling memory corruption or denial of service conditions. The issue was resolved by limiting MRU to 64KB. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA republished Siemens' advisory with corrections to affected product listings in February 2026. No known exploitation in ransomware campaigns has been reported.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE XC/XR/XCM/XRM/XCH/XRH-series switches or RUGGEDCOM RST2428P devices in industrial networks, particularly those utilizing PPP-based serial or modem connections for remote access or WAN connectivity.
Technical summary
The Linux kernel's PPP asynchronous line discipline (ppp_async) did not properly limit the Maximum Receive Unit (MRU) parameter, which could lead to excessive memory allocation or buffer handling issues. The fix enforces a 64KB MRU limit. Siemens industrial networking products utilizing SINEC OS incorporate this kernel component and are affected. The vulnerability is classified with 'Misinformed' impact in CISA's CSAF data, suggesting potential for information disclosure or processing errors rather than direct code execution.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for definitive affected product and patch information
- Verify SINEC OS version on deployed Siemens SCALANCE and RUGGEDCOM devices
- Apply vendor-provided firmware updates when available per Siemens guidance
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
Evidence notes
The vulnerability description indicates a kernel-level fix in ppp_async to limit MRU to 64K. Siemens ProductCERT advisory SSA-613116 is the authoritative source for affected product identification. CISA's CSAF advisory ICSA-25-226-15 was initially published 2025-08-12 and subsequently revised on 2026-02-12, 2026-02-24, and 2026-02-25 to correct product listings and remove rejected CVEs. The threat category in the source CSAF is marked as 'Misinformed' for affected product IDs.
Official resources
- CVE-2024-26675 CVE record (CVE.org)
- CVE-2024-26675 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12