PatchSiren cyber security CVE debrief
CVE-2024-26779 Siemens CVE debrief
A race condition vulnerability in the Linux kernel's mac80211 Wi-Fi subsystem affects Siemens industrial networking products. The flaw occurs during the enabling of fast-xmit, a performance optimization for wireless packet transmission. Race conditions in kernel networking code can lead to use-after-free, null pointer dereference, or state corruption scenarios that may result in denial of service or potentially exploitable memory corruption. The vulnerability was resolved in the upstream Linux kernel. Siemens has assessed the impact as 'Misinformed' for affected product lines, indicating that the vulnerability's applicability or severity may have been initially overstated or mischaracterized. The advisory underwent multiple revisions during February 2026, including corrections to affected product lists and removal of rejected CVEs, suggesting ongoing analysis of scope and impact.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial wireless networking infrastructure, particularly in critical infrastructure and OT environments using RUGGEDCOM or SCALANCE product families. Security teams responsible for Linux kernel maintenance in embedded industrial systems. ICS/SCADA security practitioners tracking CISA advisories for OT network equipment.
Technical summary
The vulnerability exists in the mac80211 subsystem of the Linux kernel, specifically in the fast-xmit path enabling logic. Fast-xmit is a transmit fastpath optimization that bypasses certain processing steps for efficiency. The race condition during enablement suggests improper synchronization between state transitions and packet processing, which could allow packet transmission to proceed with inconsistent state. This class of vulnerability in kernel networking subsystems typically manifests as use-after-free or null pointer dereference under specific timing conditions. The fix was committed to the upstream Linux kernel. Siemens products incorporating affected kernel versions include RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices, though the vendor's 'Misinformed' threat categorization suggests reassessment of original severity claims.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for definitive product impact assessment and patch availability
- Verify kernel version on affected Siemens SCALANCE and RUGGEDCOM devices against vendor security guidance
- Apply vendor-provided firmware updates when available per Siemens product security recommendations
- Monitor CISA ICS advisories for updates to affected product scope
- Implement network segmentation for industrial wireless infrastructure to limit exposure
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-15. Advisory revised 2026-02-12 (corrected affected products), 2026-02-24 (removed unsupported version notes and rejected CVEs), and 2026-02-25 (CISA republication based on Siemens SSA-613116). Threat category marked 'Misinformed' for all affected product IDs.
Official resources
- CVE-2024-26779 CVE record (CVE.org)
- CVE-2024-26779 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12