PatchSiren cyber security CVE debrief
CVE-2024-26754 Siemens CVE debrief
A vulnerability in the Linux kernel's GTP (GPRS Tunneling Protocol) subsystem could allow use-after-free and null-pointer dereference conditions in the gtp_genl_dump_pdp() function. The issue has been resolved in the upstream Linux kernel. Siemens has assessed this vulnerability as affecting certain industrial networking products running SINEC OS, which incorporates the vulnerable Linux kernel component. The vulnerability was initially published on August 12, 2025, with subsequent advisory updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial Ethernet switches in critical infrastructure environments. Network administrators responsible for telecommunications infrastructure using GTP protocol handling, and security teams managing OT/ICS environments with Linux-based network equipment should prioritize assessment.
Technical summary
The vulnerability exists in the gtp_genl_dump_pdp() function within the Linux kernel's GTP (GPRS Tunneling Protocol) netlink implementation. The function is responsible for dumping PDP (Packet Data Protocol) context information via the generic netlink interface. The identified issues are a use-after-free condition and a null-pointer dereference, both memory safety violations that could lead to denial of service or information disclosure. The vulnerability has been resolved in upstream Linux kernel development. Siemens industrial networking products incorporating the affected kernel component are identified as vulnerable, with remediation dependent on vendor firmware updates that incorporate the kernel fix.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens SCALANCE and RUGGEDCOM products when available
- Verify SINEC OS version and confirm it incorporates the fixed Linux kernel GTP subsystem
- For systems where patching is not immediately feasible, implement network segmentation to limit exposure of GTP protocol handlers
- Monitor vendor security advisories from Siemens ProductCERT for additional product-specific guidance
- Review Linux kernel changelogs for GTP subsystem fixes to confirm patch presence in deployed versions
Evidence notes
The source advisory indicates this vulnerability was resolved in the Linux kernel. The CISA CSAF advisory ICSA-25-226-15 underwent multiple revisions: initial publication (2025-08-12), correction of affected products (2026-02-12), removal of rejected CVEs (2026-02-24), and final republication based on Siemens SSA-613116 (2026-02-25). The threat assessment in the source marks impact as 'Misinformed' for affected product IDs.
Official resources
- CVE-2024-26754 CVE record (CVE.org)
- CVE-2024-26754 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
This vulnerability was disclosed through coordinated vulnerability disclosure channels. The upstream Linux kernel fix predates the CISA advisory publication. Siemens ProductCERT issued advisory SSA-613116, which CISA republished as ICSA-25-