PatchSiren cyber security CVE debrief
CVE-2024-26778 Siemens CVE debrief
CVE-2024-26778 is a Linux kernel bug in the S3 Savage framebuffer driver (fbdev: savage). The driver derives a dot clock from the pixclock field of the mode that user space submits, and did not reject a pixclock of zero before using it in that division, so a zero value caused a kernel divide-by-zero. The upstream fix adds an explicit check that returns an error as soon as pixclock equals zero. Siemens lists the issue as affecting industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and the SCALANCE X-family switches named below. It is tracked in CISA advisory ICSA-25-226-15, republished on February 25, 2026 from Siemens ProductCERT advisory SSA-613116. The advisory's threat assessment labels the impact 'Misinformed' for the affected products.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, in particular the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, the SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P devices. OT security teams responsible for SINEC OS deployments should review the vendor guidance and schedule the update.
Technical summary
The vulnerability is in the fbdev: savage driver of the Linux kernel. Framebuffer mode parameters, including pixclock (the pixel clock period), reach the driver from user space through the framebuffer device's FBIOPUT_VSCREENINFO ioctl, and the driver's check_var() path used pixclock as a divisor without first verifying that it was non-zero. A zero value therefore produced a kernel divide-by-zero, which crashes the kernel (local denial of service). The fix adds an explicit check that returns an error when pixclock equals zero, before any arithmetic uses the value. On the affected Siemens products the bug is inherited from the SINEC OS kernel; triggering it requires a local process that can open the framebuffer device, so the practical exposure on a managed switch is limited. The CISA advisory's 'Misinformed' impact label is consistent with that reading, though the stored evidence does not expand on the label itself.
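To make the defect and the fix concrete, here is an added, simplified user-space model of the check_var() path. It is example code written for this debrief, not the savage driver's source: the struct, the function names (check_var_unguarded, check_var_guarded, fb_put_vscreeninfo, dclk_or_err) and the sample mode values are assumptions, while the picos-to-kHz arithmetic mirrors the kernel's PICOS2KHZ() macro.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-in for the fbdev UAPI struct fb_var_screeninfo. Only the
 * fields this example needs are kept; pixclock is the pixel clock period in
 * picoseconds, exactly as user space supplies it via FBIOPUT_VSCREENINFO. */
struct fb_var {
    uint32_t xres;
    uint32_t yres;
    uint32_t pixclock;
};

/* Same arithmetic as the kernel's PICOS2KHZ() macro: period in ps -> kHz. */
static unsigned long picos2khz(unsigned long picos)
{
    return 1000000000UL / picos;
}

/* Unguarded check_var(): models the pre-fix behaviour. It converts pixclock
 * straight into a dot clock, so pixclock == 0 divides by zero (SIGFPE here
 * in user space; inside the kernel it is a divide-error oops). Only call
 * this with a non-zero pixclock. */
int check_var_unguarded(const struct fb_var *var, unsigned long *dclk_khz)
{
    *dclk_khz = picos2khz(var->pixclock);
    return 0;
}

/* Guarded check_var(): the shape of the CVE-2024-26778 fix. Reject a zero
 * pixclock with -EINVAL before any arithmetic touches it. */
int check_var_guarded(const struct fb_var *var, unsigned long *dclk_khz)
{
    if (!var->pixclock)
        return -EINVAL;
    *dclk_khz = picos2khz(var->pixclock);
    return 0;
}

/* Hypothetical ioctl dispatcher standing in for fb_set_var(): the user
 * buffer is copied in untouched, so every field is attacker-controlled by
 * the time check_var() runs. Validation has to live in check_var() itself. */
int fb_put_vscreeninfo(const struct fb_var *user_var, unsigned long *dclk_khz)
{
    struct fb_var var = *user_var;   /* copy_from_user() stand-in */
    return check_var_guarded(&var, dclk_khz);
}

/* Convenience wrapper: dot clock in kHz on success, negative errno on error. */
long dclk_or_err(uint32_t pixclock)
{
    struct fb_var var = { 640, 480, pixclock };
    unsigned long khz = 0;
    int rc = fb_put_vscreeninfo(&var, &khz);
    return rc < 0 ? rc : (long)khz;
}

int main(void)
{
    /* Constructed inputs: a standard 640x480@60 mode (pixclock 39721 ps,
     * i.e. 25.175 MHz) and the hostile zero value. */
    printf("pixclock=39721 -> %ld (kHz)\n", dclk_or_err(39721));
    printf("pixclock=0     -> %ld (expect %d)\n", dclk_or_err(0), -EINVAL);
    return 0;
}
```

Compile with `cc -o pixclock pixclock.c`. Changing fb_put_vscreeninfo() to call check_var_unguarded() and running it with the zero mode reproduces the crash class the advisory describes (a division by zero in the driver's validation path), which is why the fix belongs at the top of check_var() rather than in a later decode step.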
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance
- Verify SINEC OS version on affected SCALANCE and RUGGEDCOM devices
- Apply vendor-provided patches or updates as specified in Siemens security advisory
- Monitor CISA ICS advisories for additional updates to ICSA-25-226-15
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The CVE description identifies a kernel framebuffer driver issue in which a pixclock of zero leads to a division by zero. The CISA CSAF advisory ICSA-25-226-15 was first published on August 12, 2025 and revised several times, most recently republished on February 25, 2026. Its threat section marks the impact as 'Misinformed' for the three affected product IDs (CSAFPID-0001, CSAFPID-0003, CSAFPID-0004). Siemens ProductCERT advisory SSA-613116 is the canonical source for this vulnerability information.
Official resources
- CVE-2024-26778 CVE record (CVE.org)
- CVE-2024-26778 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
Published 2025-08-12