PatchSiren cyber security CVE debrief
CVE-2024-26777 Siemens CVE debrief
A vulnerability in the Linux kernel's SIS framebuffer driver (fbdev: sis) has been identified in which a zero-value pixclock parameter could lead to undefined behavior. The issue was resolved by adding an error check that returns an error when pixclock equals zero, preventing a divide-by-zero or other arithmetic error in video mode calculations. Siemens has assessed this vulnerability as affecting certain industrial networking products running SINEC OS, which incorporates the vulnerable Linux kernel component. The vulnerability is classified as 'Misinformed' in impact assessments for affected Siemens products.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE X-family industrial Ethernet switches, RUGGEDCOM RST2428P devices, or other SINEC OS-based industrial networking equipment should prioritize assessment. OT security teams managing industrial control system networks, particularly those in critical infrastructure sectors, should monitor for vendor patches and implement compensating controls as recommended by CISA and Siemens ProductCERT.
Technical summary
The vulnerability exists in the Silicon Integrated Systems (SIS) framebuffer driver within the Linux kernel. The pixclock parameter, which represents pixel clock timing for video modes, was not validated for zero values before use in calculations. A zero pixclock could result in divide-by-zero errors or other undefined arithmetic behavior during video mode setting operations. The fix adds an explicit error check that returns failure when pixclock equals zero, preventing the vulnerable code path from executing. This vulnerability affects Siemens industrial networking products running SINEC OS, which is based on the Linux kernel.
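The check described above, as an added illustration that is not the kernel's, the driver's or Siemens' code: a hypothetical fbdev-style refresh-rate calculation that divides by pixclock, shown in its unchecked form and beside the hardened form that rejects a zero pixclock with -EINVAL before any division, the pattern the fix adds. The struct layout, function names and the 1024x768 sample timing are assumptions of this example, not taken from the advisory.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical subset of fbdev-style mode timings (not the kernel's struct).
 * pixclock follows the fbdev convention: picoseconds per pixel, 0 = unset. */
struct mode_timing {
    uint32_t pixclock;
    uint32_t xres, left_margin, right_margin, hsync_len;
    uint32_t yres, upper_margin, lower_margin, vsync_len;
};

/* Constructed sample: a 1024x768 timing with a 65 MHz pixel clock (15384 ps). */
struct mode_timing sample_1024x768_timing(void)
{
    struct mode_timing t = {
        .pixclock = 15384,
        .xres = 1024, .left_margin = 160, .right_margin = 24, .hsync_len = 136,
        .yres = 768, .upper_margin = 29, .lower_margin = 3, .vsync_len = 6,
    };
    return t;
}

static uint64_t htotal_of(const struct mode_timing *t)
{
    return (uint64_t)t->xres + t->left_margin + t->right_margin + t->hsync_len;
}

static uint64_t vtotal_of(const struct mode_timing *t)
{
    return (uint64_t)t->yres + t->upper_margin + t->lower_margin + t->vsync_len;
}

/* Unchecked pattern (the "before"): divides by pixclock with no validation.
 * With pixclock == 0 the division is undefined behaviour; on most CPUs it
 * traps, which inside a kernel driver means a crash. Only call it with a
 * non-zero pixclock. */
uint32_t refresh_hz_unchecked(const struct mode_timing *t)
{
    uint64_t pixclock_hz = 1000000000000ULL / t->pixclock;   /* UB when 0 */
    return (uint32_t)(pixclock_hz / (htotal_of(t) * vtotal_of(t)));
}

/* Hardened form modelled on the fix: reject a zero pixclock (and empty
 * totals) before dividing, returning -EINVAL as a kernel driver would. */
int check_mode_timing(const struct mode_timing *t, uint32_t *refresh_hz)
{
    if (t->pixclock == 0)
        return -EINVAL;        /* the added check: never divide by zero */

    uint64_t htotal = htotal_of(t);
    uint64_t vtotal = vtotal_of(t);
    if (htotal == 0 || vtotal == 0)
        return -EINVAL;        /* same class of defect on the second division */

    /* picoseconds per pixel -> pixels per second -> frames per second */
    uint64_t pixclock_hz = 1000000000000ULL / t->pixclock;
    *refresh_hz = (uint32_t)(pixclock_hz / (htotal * vtotal));
    return 0;
}

int main(void)
{
    struct mode_timing t = sample_1024x768_timing();
    uint32_t hz = 0;
    int rc = check_mode_timing(&t, &hz);
    printf("valid timing: rc=%d refresh=%u Hz\n", rc, hz);

    t.pixclock = 0;            /* the input the fix rejects */
    rc = check_mode_timing(&t, &hz);
    printf("zero pixclock: rc=%d (%s)\n", rc, rc == -EINVAL ? "rejected" : "accepted");
    return 0;
}
```

The sample timing yields 60 Hz in both forms; the difference is only that the hardened form refuses the zero input that would make the unchecked division undefined. A practitioner auditing similar mode-setting code should look for every divisor derived from caller-supplied timing fields, not just pixclock.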
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Apply vendor-provided firmware updates for SINEC OS-based devices when available
- Verify SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and RUGGEDCOM RST2428P systems are running supported SINEC OS versions (3.1 or later)
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates a resolution in the Linux kernel's fbdev: sis driver to error out when pixclock equals zero. Siemens ProductCERT advisory SSA-613116 (referenced via CISA ICSA-25-226-15) identifies affected products including RUGGEDCOM RST2428P and SCALANCE X-family industrial switches. The CISA CSAF source indicates this vulnerability was republished on 2026-02-25 based on updated Siemens advisory information. Impact assessment for affected products is categorized as 'Misinformed' per the source threat data.
Official resources
- CVE-2024-26777 CVE record (CVE.org)
- CVE-2024-26777 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12