PatchSiren cyber security CVE debrief
CVE-2024-26752 Siemens CVE debrief
This CVE addresses a vulnerability in the Linux kernel's L2TP (Layer 2 Tunneling Protocol) subsystem where an incorrect message length was passed to the `ip6_append_data` function. The vulnerability was resolved by correcting the message length parameter passed during IPv6 packet construction in L2TP. The issue affects Siemens industrial networking products that incorporate the vulnerable Linux kernel code, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS. CISA published this advisory on August 12, 2025, with subsequent updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. The vulnerability is classified as 'Misinformed' in the source advisory's threat categorization. No CVSS score or severity rating is available in the provided source data.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including SCALANCE X-family switches and RUGGEDCOM devices, particularly those utilizing L2TP over IPv6 in operational technology environments.
Technical summary
The vulnerability exists in the Linux kernel's L2TP implementation where the `ip6_append_data` function receives an incorrect message length parameter during IPv6 packet construction. This can lead to improper packet handling. The fix ensures the correct message length is passed to maintain proper IPv6 datagram assembly in L2TP tunnels.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product impact and patch availability
- Verify SINEC OS version on affected Siemens SCALANCE and RUGGEDCOM devices
- Apply vendor-provided firmware updates when available per Siemens security advisory
- Monitor CISA ICS advisories for additional guidance on industrial control system protections
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
Vulnerability resolved in Linux kernel L2TP subsystem. Affects Siemens SINEC OS-based products including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family. Advisory ICSA-25-226-15 published by CISA with multiple revisions through 2026-02-25.
Official resources
-
CVE-2024-26752 CVE record
CVE.org
-
CVE-2024-26752 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12