PatchSiren cyber security CVE debrief
CVE-2024-26748 Siemens CVE debrief
CVE-2024-26748 is a double-free defect in the Linux kernel's Cadence USB3 (cdns3) driver, in its handling of zero-length USB packets; releasing the same kernel memory twice corrupts allocator state and can lead to a crash or further memory corruption. The defect has been fixed upstream in the Linux kernel. Siemens has identified this CVE as applicable to certain industrial networking products running its Linux-based SINEC OS, including the RUGGEDCOM RST2428P and several SCALANCE XC/XR/XCM/XRM/XCH/XRH switch families (listed under Who should care). The CISA advisory ICSA-25-226-15 was first published on August 12, 2025 and was revised several times through February 25, 2026, including corrections to the affected-product list and the removal of rejected CVEs. No CVSS score or severity rating is available in the source corpus, and the CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial control environments, and the system administrators responsible for OT/ICS network security and patch management on those devices.
Technical summary
The defect is in the Cadence USB3 (cdns3) driver, the Linux kernel driver for Cadence USB3 controller IP found on embedded SoCs. In the driver's zero-length-packet handling path the same allocation is released twice. A double free corrupts allocator bookkeeping, so the immediate impact is a kernel crash (a reboot or hang of the switch), with further memory corruption possible depending on allocator state. Because the faulty code is a USB controller driver, it is reached through USB-level interaction with the device rather than over the network, which is why the mitigations below concern USB exposure. Any embedded Linux system built with the cdns3 driver is in scope, which is how Siemens SINEC OS devices inherit the issue. The upstream fix corrects the ownership of the affected allocation in the zero-packet path so that it is released exactly once.
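To make the failure mode concrete, the following is an added illustrative model of the double-free pattern, written for this debrief; it is not the kernel's cdns3 code. The request structure, the driver-appended zero-length-packet (ZLP) request, the completion callback that releases requests, and every function name are assumptions made for the model. The vulnerable giveback routine hands the driver's own ZLP request to the completion callback and then frees it itself; the fixed version gives each request exactly one owner. Frees are counted rather than performed twice, so the demo observes the bug instead of corrupting its own heap.

```c
/* Illustrative model of a driver double free on a zero-length packet (ZLP) request.
 * Added example for this page; NOT the Linux cdns3 driver. All names are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_PACKET 512

struct usb_request;
typedef void (*complete_fn)(struct usb_request *req);

struct usb_request {
    void       *buf;
    size_t      length;
    complete_fn complete;
    bool        freed;   /* bookkeeping for the model; a real allocator has no such flag */
};

/* Counters so the demo can report a double free instead of crashing on it. */
static int g_frees;
static int g_double_frees;

static struct usb_request *req_alloc(void *buf, size_t length, complete_fn cb)
{
    struct usb_request *r = calloc(1, sizeof(*r));
    if (!r)
        abort();
    r->buf = buf;
    r->length = length;
    r->complete = cb;
    return r;
}

/* Models the driver's request-free routine. Freeing an already freed block is undefined
 * behaviour in real code; here a second release is counted and skipped, and the small
 * object is deliberately leaked so its flag stays readable for the demo. */
static void req_free(struct usb_request *r)
{
    g_frees++;
    if (r->freed) {
        g_double_frees++;
        return;
    }
    r->freed = true;
}

/* Driver-private zero-length buffer; its address identifies the driver's own ZLP request. */
static char zlp_buf[1];

/* Stand-in for the generic gadget completion callback: it treats every request it is
 * given as finished and releases it. */
static void gadget_complete(struct usb_request *r)
{
    req_free(r);
}

/* Vulnerable giveback: runs the completion callback for every request, then also frees
 * the ZLP request because the driver allocated it. The ZLP request is released twice. */
static void giveback_vulnerable(struct usb_request *r)
{
    if (r->complete)
        r->complete(r);
    if (r->buf == zlp_buf)
        req_free(r);
}

/* Fixed giveback: the ZLP request is driver-internal and is never handed to the
 * completion callback, so it is released exactly once, by its owner. */
static void giveback_fixed(struct usb_request *r)
{
    if (r->buf == zlp_buf) {
        req_free(r);
        return;
    }
    if (r->complete)
        r->complete(r);
}

/* Queue a transfer. Like the driver described above, append a driver-owned ZLP request
 * when the length is a non-zero multiple of the max packet size. Returns requests queued. */
static int queue_transfer(struct usb_request *reqs[2], void *buf, size_t len, complete_fn cb)
{
    int n = 0;
    reqs[n++] = req_alloc(buf, len, cb);
    if (len && len % MAX_PACKET == 0)
        reqs[n++] = req_alloc(zlp_buf, 0, cb);   /* driver-owned ZLP request */
    return n;
}

/* Complete one transfer of the given length through the given giveback routine and
 * return the number of double frees observed (0 is correct, 1 reproduces the bug). */
static int run_transfer(size_t len, void (*giveback)(struct usb_request *))
{
    static char data[4 * MAX_PACKET];   /* constructed payload buffer */
    struct usb_request *reqs[2];
    int n, i;

    g_frees = 0;
    g_double_frees = 0;
    n = queue_transfer(reqs, data, len, gadget_complete);
    for (i = 0; i < n; i++)
        giveback(reqs[i]);
    return g_double_frees;
}

int main(void)
{
    printf("len=1024 vulnerable: %d double free(s)\n", run_transfer(1024, giveback_vulnerable));
    printf("len=1024 fixed:      %d double free(s)\n", run_transfer(1024, giveback_fixed));
    printf("len=1000 vulnerable: %d double free(s)\n", run_transfer(1000, giveback_vulnerable));
    return 0;
}
```

The trigger condition in the model is a transfer whose length is a multiple of the endpoint's max packet size: only then does the driver append its own ZLP request, and only that request has two code paths that believe they own it. The fix is not a null check or a guard flag but a clear ownership rule, which is the general remedy for this class of bug.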
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Apply vendor-provided firmware updates for SINEC OS-based devices when available
- Monitor network segments containing affected SCALANCE and RUGGEDCOM devices for anomalous behavior
- Implement network segmentation for industrial control systems per CISA recommended practices
- Restrict USB access to affected devices (port authorization policies where the firmware offers them, physical port control otherwise), since the vulnerable code is the USB controller driver and is reached through USB-level interaction rather than over the network
Evidence notes
The source CISA CSAF advisory (ICSA-25-226-15) identifies this as a Linux kernel vulnerability in the USB subsystem's cdns3 driver, described as a double free in zero-packet handling. Siemens ProductCERT advisory SSA-613116 is the authoritative source for affected product information. The advisory underwent four revision cycles, with the most recent republication on February 25, 2026.
Official resources
- CVE-2024-26748 CVE record (CVE.org)
- CVE-2024-26748 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12