PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-26735 Siemens CVE debrief

CVE-2024-26735 is a vulnerability in the Linux kernel's IPv6 Segment Routing (SR, the seg6 subsystem) that could lead to use-after-free and null-pointer dereference conditions. Upstream resolved it by correcting the subsystem's initialization order: the per-network-namespace (pernet) operations are now registered before the generic netlink family that serves user-space configuration requests, so no request can reach a handler whose state does not yet exist. Siemens has identified this vulnerability as affecting certain industrial networking products, specifically the RUGGEDCOM RST2428P and SCALANCE X family switches running SINEC OS. The CISA advisory ICSA-25-226-15, published on August 12, 2025, and subsequently updated through February 25, 2026, provides guidance on this vulnerability in the context of Siemens industrial control systems. The advisory has undergone multiple revisions, including corrections to affected product lists and removal of rejected CVEs. Organizations operating affected Siemens industrial networking equipment should consult the vendor's security advisory for specific patch and mitigation guidance.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

Organizations operating Siemens RUGGEDCOM RST2428P switches or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and XCM-/XRM-/XCH-/XRH-300 family switches in industrial control system environments. Network administrators responsible for IPv6-enabled industrial networks using segment routing capabilities. Security teams managing OT/ICS infrastructure with Siemens networking equipment.

Technical summary

This vulnerability exists in the Linux kernel's IPv6 Segment Routing (SR) implementation, the seg6 subsystem. Segment Routing is a source routing paradigm in which the source node specifies the path a packet takes through the network by listing the segments in the packet itself. The defect is an ordering bug in the subsystem's initialization rather than in packet parsing: the generic netlink family that exposes seg6 configuration to user space (HMAC keys, tunnel source address) was registered before the per-network-namespace (pernet) operations that allocate the state those handlers rely on, so a request arriving in that window reached a handler whose state did not exist. The upstream CVE description attributes both the null-pointer dereference and the use-after-free to this ordering, and the fix is to register the pernet operations first. Either fault crashes the kernel, which on an embedded switch means a reboot and loss of forwarding; no code-execution path is described. Siemens has incorporated the fix into SINEC OS for the affected industrial networking products.
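The following is an added user-space model of the bug class described above; it is not the kernel's seg6 code and not Siemens code. The "generic netlink family" is modelled as a function pointer that becomes callable the moment it is registered, the per-namespace state as a static struct, and "kfree" as a flag, so the program never really dereferences NULL or freed memory. The init-order part follows the upstream description (pernet operations must precede the family); the teardown part is the model's own assumption about how the mirror-image ordering yields a use-after-free, not a statement about the exact kernel path. All names (`sr_pernet`, `deliver_request`, the `SR_*` codes) are invented for the illustration.

```c
/* Constructed model of an init/exit ordering race (not kernel or vendor code). */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SR_OK         0   /* request handled with valid state */
#define SR_NOFAMILY   1   /* family not registered: the kernel would refuse the request */
#define SR_NULLDEREF -1   /* handler ran before its per-namespace state existed */
#define SR_UAF       -2   /* handler ran after that state had been freed */

struct sr_pernet {
    int tunsrc_set;   /* stand-in for seg6's per-namespace tunnel source setting */
    int freed;        /* simulation only: set when the "kfree" has happened */
};

static struct sr_pernet g_storage;           /* backing memory for the model */
static struct sr_pernet *g_pernet = NULL;    /* pointer the handler trusts blindly */
typedef int (*genl_handler_t)(void);
static genl_handler_t g_family = NULL;       /* non-NULL once the family is visible */

/* The request handler, like a seg6 genl op: it assumes its state exists. */
static int sr_handle_request(void)
{
    if (g_pernet == NULL) return SR_NULLDEREF;   /* real kernel: NULL-pointer dereference */
    if (g_pernet->freed)  return SR_UAF;         /* real kernel: use-after-free */
    return SR_OK;
}

static void register_pernet(void)   { memset(&g_storage, 0, sizeof g_storage); g_pernet = &g_storage; }
static void unregister_pernet(void) { g_storage.freed = 1; /* kfree() does not NULL the pointer */ }
static void register_family(void)   { g_family = sr_handle_request; }
static void unregister_family(void) { g_family = NULL; }

/* A user-space request that happens to land while init or exit is in progress. */
static int deliver_request(void)
{
    return g_family ? g_family() : SR_NOFAMILY;
}

/* Vulnerable init: the family is reachable before its state exists. */
int init_vulnerable_race(void)
{
    g_pernet = NULL; g_family = NULL;
    register_family();
    int r = deliver_request();       /* window: handler reachable, state absent */
    register_pernet();
    return r;                        /* SR_NULLDEREF */
}

/* Fixed init (the upstream order): allocate state first, then expose the family. */
int init_fixed_race(void)
{
    g_pernet = NULL; g_family = NULL;
    register_pernet();
    int r = deliver_request();       /* family not yet visible: refused, not crashed */
    register_family();
    return r;                        /* SR_NOFAMILY */
}

/* Model assumption: the mirror-image ordering at teardown gives a use-after-free. */
int exit_vulnerable_race(void)
{
    register_pernet(); register_family();
    unregister_pernet();
    int r = deliver_request();       /* window: handler reachable, state freed */
    unregister_family();
    return r;                        /* SR_UAF */
}

int exit_fixed_race(void)
{
    register_pernet(); register_family();
    unregister_family();
    int r = deliver_request();       /* nothing can reach the handler any more */
    unregister_pernet();
    return r;                        /* SR_NOFAMILY */
}

int main(void)
{
    printf("init vulnerable: %d  fixed: %d\n", init_vulnerable_race(), init_fixed_race());
    printf("exit vulnerable: %d  fixed: %d\n", exit_vulnerable_race(), exit_fixed_race());
    return 0;
}
```

The point the model makes is the one behind the one-line upstream fix: anything that makes a handler reachable (a netlink family, a sysfs node, an ioctl) must be registered after the state the handler needs exists, and torn down before that state goes away.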

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT Security Advisory SSA-613116 for detailed affected product versions and patch availability
  • Verify the running SINEC OS version on each device against the fixed versions listed in SSA-613116; an order number such as 6GK6242-6PA00 identifies a platform, not a patch level
  • Apply vendor-provided firmware updates for SINEC OS on affected RUGGEDCOM and SCALANCE devices as they become available
  • Implement network segmentation for industrial control systems to limit exposure of affected devices, and restrict management-plane access to the switches to trusted administrative networks
  • Monitor CISA ICS advisories for additional guidance on this vulnerability
  • Follow CISA recommended practices for industrial control systems defense in depth

Evidence notes

The vulnerability description indicates a resolved Linux kernel issue affecting IPv6 Segment Routing. Siemens ProductCERT advisory SSA-613116 is the authoritative source for affected product details. CISA advisory ICSA-25-226-15 was initially published 2025-08-12 and most recently updated 2026-02-25 to reflect republication based on the Siemens advisory. The stored source record carries an impact categorization of 'Misinformed' for the affected product IDs; the meaning of that label is not explained in the stored evidence.

Official resources

2025-08-12