PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-26773 Siemens CVE debrief

This CVE covers a vulnerability in the Linux kernel's ext4 filesystem, specifically in the `ext4_mb_try_best_found()` function of the multiblock allocator. The function could allocate blocks from a block group already marked as corrupted, which could lead to filesystem instability or data integrity problems. The fix adds a check so that blocks are not allocated from corrupted groups. Siemens has identified this CVE as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. CISA published this advisory on August 12, 2025, and updated it through February 25, 2026; the updates include corrections to the affected product listings and the removal of rejected CVEs. The advisory categorizes the impact as 'Misinformed' for the affected Siemens products. No CVSS score or severity rating is currently available in the source data.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, including RUGGEDCOM RST2428P switches and SCALANCE X-family managed switches; OT security teams responsible for maintaining SINEC OS deployments; and infrastructure operators relying on ext4 filesystems in embedded Linux systems within industrial environments.

Technical summary

The vulnerability exists in the ext4 filesystem implementation within the Linux kernel. The `ext4_mb_try_best_found()` function, part of the multiblock allocator, could attempt to allocate blocks from block groups already marked as corrupted. Such an allocation could hand out unusable or inconsistent blocks, potentially causing filesystem errors, data corruption, or system instability. The fix adds validation so that the function does not allocate from a group marked as corrupted. Siemens industrial networking products running SINEC OS incorporate the affected Linux kernel components and are therefore exposed to this vulnerability.

Defensive priority

Medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance and patch availability
  • Verify SINEC OS version on affected Siemens devices (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family)
  • Apply vendor-provided firmware updates when available per Siemens security advisory
  • Monitor CISA ICS advisories for additional guidance on industrial control system security practices
  • Implement network segmentation for industrial control systems per CISA recommended practices
  • Ensure ext4 filesystem integrity checks are performed on affected Linux-based systems

Evidence notes

The vulnerability description is sourced from the Linux kernel commit message, which describes avoiding allocation of blocks from corrupted groups in `ext4_mb_try_best_found()`. Siemens ProductCERT advisory SSA-613116 is the authoritative source for product impact. CISA advisory ICSA-25-226-15 was initially published on 2025-08-12 and most recently updated on 2026-02-25 to reflect republication based on the Siemens advisory. The source explicitly marks the impact as 'Misinformed' for affected product IDs CSAFPID-0001, CSAFPID-0003, and CSAFPID-0004. The revision history records corrections to the affected product listings on 2026-02-12 and the removal of rejected CVEs on 2026-02-24.
