PatchSiren cyber security CVE debrief
CVE-2024-26749 Siemens CVE debrief
A use-after-free vulnerability in the Linux kernel's Cadence USB3 controller driver (cdns3) was resolved. The flaw occurred in the `cdns3_gadget_ep_disable()` function, where memory could be accessed after being freed during USB gadget endpoint disable operations. This vulnerability affects Siemens industrial networking products that incorporate the vulnerable Linux kernel component, specifically the RUGGEDCOM RST2428P and SCALANCE X family switches running SINEC OS. The issue was addressed through a kernel patch that corrects the memory management in the endpoint disable path.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE X family (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300) running SINEC OS. Critical infrastructure operators, manufacturing facilities, and utility providers utilizing these devices in industrial control system environments should prioritize assessment and patching.
Technical summary
The vulnerability exists in the Cadence USB3 controller driver (cdns3) within the Linux kernel. Specifically, the `cdns3_gadget_ep_disable()` function contained a use-after-free condition where memory could be accessed after deallocation during USB gadget endpoint teardown. This class of memory safety vulnerability can potentially lead to kernel crashes, information disclosure, or privilege escalation depending on the exploitability of the freed memory region. The fix involves correcting the memory management sequence to prevent access to freed resources.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific patch information and affected version ranges
- Apply vendor-provided firmware updates for RUGGEDCOM RST2428P and SCALANCE X family switches as they become available
- Verify SINEC OS version compliance; note that versions below 3.1 are not supported for SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
- Implement network segmentation for industrial control systems to limit exposure of affected devices
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
Evidence notes
The vulnerability description indicates a resolved use-after-free condition in the Linux kernel's USB cdns3 driver. The CISA CSAF advisory (ICSA-25-226-15) identifies affected Siemens products including RUGGEDCOM RST2428P and SCALANCE X family switches. The advisory was initially published on 2025-08-12 and subsequently modified on 2026-02-25 to reflect updates based on Siemens ProductCERT SSA-613116. The threat assessment in the source material categorizes impact as 'Misinformed' for the identified product IDs.
Official resources
- CVE-2024-26749 CVE record (CVE.org)
- CVE-2024-26749 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12