PatchSiren cyber security CVE debrief
CVE-2024-26679 Siemens CVE debrief
A vulnerability in the Linux kernel's inet_recv_error() function was resolved by ensuring the socket family (sk->sk_family) is read only once. This change prevents the race conditions or inconsistent state that could arise from multiple reads of the socket family field during error handling in network operations. The fix was incorporated into the Linux kernel; the underlying vulnerability affects Siemens industrial networking products that use the affected kernel code.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE and RUGGEDCOM industrial networking equipment, particularly in critical infrastructure and manufacturing environments. Security teams responsible for OT/ICS network infrastructure should prioritize patch management for affected devices. System administrators managing SINEC OS deployments should monitor for firmware updates addressing this kernel-level vulnerability.
Technical summary
The vulnerability exists in the Linux kernel's inet_recv_error() function, where the socket family field (sk->sk_family) could be read multiple times during error handling operations. The resolution ensures this field is read exactly once, eliminating the potential for race conditions or inconsistent state that could occur if the value changed between reads. This is a defensive coding fix that improves kernel stability and predictability in network error handling paths. The vulnerability affects Siemens industrial networking products including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P (6GK6242-6PA00) devices that incorporate the affected kernel code.
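As an added illustration that is not code from this debrief or from the kernel, the user-space C model below reproduces the pattern the fix addresses: the racy version re-reads sk_family for each comparison, the fixed version reads it once into a local (the kernel patch does this with READ_ONCE()), and a constructed hook stands in for a concurrent change of the field so the inconsistent outcome can be reproduced deterministically. The struct, the _SIM constants and the hook are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed user-space model of the kernel pattern (not kernel code). */
#define AF_INET_SIM  2
#define AF_INET6_SIM 10
enum { HANDLED_V4 = 4, HANDLED_V6 = 6, DROPPED = -22 };  /* -22 mirrors -EINVAL */
struct sock_sim { volatile uint16_t sk_family; };
/* Simulated concurrent writer, invoked after every read of sk_family so a
 * family change can be injected deterministically between two reads. */
static void (*race_hook)(struct sock_sim *sk);
static uint16_t read_family(struct sock_sim *sk) {
    uint16_t f = sk->sk_family;
    if (race_hook) race_hook(sk);
    return f;
}

/* Pre-fix shape: the field is re-read at each branch, so a change in
 * between leaves neither branch matching and the error is dropped. */
int recv_error_racy(struct sock_sim *sk) {
    if (read_family(sk) == AF_INET_SIM)  return HANDLED_V4;
    if (read_family(sk) == AF_INET6_SIM) return HANDLED_V6;
    return DROPPED;
}

/* Fixed shape: read sk_family exactly once into a local and dispatch on
 * that stable copy (the kernel patch uses READ_ONCE(sk->sk_family)). */
int recv_error_fixed(struct sock_sim *sk) {
    uint16_t family = read_family(sk);
    if (family == AF_INET_SIM)  return HANDLED_V4;
    if (family == AF_INET6_SIM) return HANDLED_V6;
    return DROPPED;
}

static void flip_to_v4(struct sock_sim *sk) { sk->sk_family = AF_INET_SIM; }

/* Drives one version under an injected AF_INET6 -> AF_INET change. */
int run_under_race(int (*fn)(struct sock_sim *)) {
    struct sock_sim sk = { AF_INET6_SIM };
    race_hook = flip_to_v4;
    int r = fn(&sk);
    race_hook = NULL;
    return r;
}

int main(void) {
    printf("racy: %d  fixed: %d\n", run_under_race(recv_error_racy),
           run_under_race(recv_error_fixed));
    return 0;
}
```

Under the injected change the racy version returns DROPPED (-22) while the fixed version correctly handles the socket as AF_INET6, which is the inconsistent state the single read eliminates.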
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Apply kernel updates or firmware patches provided by Siemens for affected SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P devices
- Monitor network traffic for anomalous behavior on affected industrial control systems
- Implement network segmentation for critical industrial control system components per CISA recommended practices
- Establish baseline network behavior and enable logging for detection of potential exploitation attempts
Evidence notes
The vulnerability description indicates a kernel-level fix in inet_recv_error() to read sk->sk_family once, preventing potential race conditions. Siemens ProductCERT advisory SSA-613116 and CISA advisory ICSA-25-226-15 document this CVE as affecting SCALANCE and RUGGEDCOM product families. The CISA advisory was initially published 2025-08-12 and most recently updated 2026-02-25 to reflect republication based on the Siemens advisory. The threat assessment in the source material categorizes impact as 'Misinformed' for affected product IDs.
Official resources
- CVE-2024-26679 CVE record (CVE.org)
- CVE-2024-26679 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12