PatchSiren cyber security CVE debrief
CVE-2024-26763 Siemens CVE debrief
A vulnerability in the Linux kernel's dm-crypt subsystem, where data could be modified when using authenticated encryption, has been resolved. The issue affected authenticated encryption implementations in device-mapper crypt targets, potentially compromising data integrity guarantees. Siemens has assessed this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability was originally published on 2025-08-12 and the advisory was last modified on 2026-02-25 to reflect updated product impact assessments based on Siemens ProductCERT advisory SSA-613116.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500), XCM-/XRM-/XCH-/XRH-300 family devices, or RUGGEDCOM RST2428P switches running SINEC OS. System administrators responsible for industrial network security and Linux-based encryption deployments in operational technology environments.
Technical summary
The vulnerability exists in the Linux kernel's device-mapper crypt (dm-crypt) target when using authenticated encryption modes. The issue involved improper data handling that could result in modification of data during encryption operations, undermining the integrity protections that authenticated encryption is designed to provide. The resolution ensures that data is not modified when authenticated encryption is in use, preserving the cryptographic integrity guarantees. This affects industrial networking products from Siemens that utilize SINEC OS and incorporate the vulnerable Linux kernel components.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for specific product patch availability and version guidance
- Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices against vendor-supported releases
- Apply kernel updates provided through Siemens SINEC OS maintenance channels for affected products
- Validate dm-crypt configurations on Linux-based industrial systems using authenticated encryption modes
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
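One way to carry out the dm-crypt validation step on a general-purpose Linux host is to list which crypt mappings actually use authenticated encryption, since only those fall under this issue. The script below is an added example, not code from Siemens, CISA or this page; the function names and the sample table lines are constructed for illustration, and it assumes input in the format printed by `dmsetup table --target crypt` with no device name given.

```shell
#!/bin/sh
# Added example: report dm-crypt mappings that use authenticated encryption.
# Expected input, one mapping per line, as printed by `dmsetup table --target crypt`:
#   <name>: <start> <len> crypt <cipher> <key> <iv_offset> <device> <offset> [<#opts> <opt>...]
# A mapping is in AEAD mode when its optional parameters contain integrity:<bytes>:aead.

find_aead_mappings() {
    awk '
    $4 == "crypt" {
        name = $1
        sub(/:$/, "", name)
        # Field 10 is the count of optional parameters; they start at field 11.
        for (i = 11; i <= NF; i++) {
            if ($i ~ /^integrity:[0-9]+:aead$/) {
                print name " " $5 " " $i
                break
            }
        }
    }'
}

# Constructed sample table (hypothetical mapping names, key field shortened to zeros).
sample_table() {
cat <<'EOF'
plain_vol: 0 2097152 crypt aes-xts-plain64 0000 0 8:17 4096 1 allow_discards
aead_vol: 0 1953125 crypt capi:gcm(aes)-random 0000 0 253:3 0 1 integrity:28:aead
hmac_vol: 0 1900000 crypt capi:authenc(hmac(sha256),xts(aes))-random 0000 0 253:4 0 2 integrity:32:aead sector_size:4096
tag_only: 0 1900000 crypt aes-xts-plain64 0000 0 253:5 0 1 integrity:32:none
root_lin: 0 4096000 linear 8:2 2048
EOF
}

# Demonstration on the constructed sample; on a real host run instead:
#   dmsetup table --target crypt | find_aead_mappings
sample_table | find_aead_mappings
```

Each output line gives the mapping name, its cipher specification and the integrity parameter; mappings listed here are the ones to prioritise when checking for a kernel update.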
Evidence notes
The vulnerability description indicates a resolution in the Linux kernel dm-crypt subsystem related to authenticated encryption data handling. The CISA CSAF advisory ICSA-25-226-15, republished on 2026-02-25, incorporates Siemens ProductCERT SSA-613116 guidance. The advisory revision history shows corrections to affected product listings and removal of unsupported product versions. Threat assessment in the source material categorizes impact as 'Misinformed' for affected product IDs.
Official resources
- CVE-2024-26763 CVE record (CVE.org)
- CVE-2024-26763 NVD detail (NVD)
- Source item URL (cisa_csaf)