PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-26788 Siemens CVE debrief

A vulnerability in the Linux kernel's Freescale QDMA engine driver (fsl-qdma) was resolved by reordering the driver's initialization sequence so that IRQ registration occurs only after register initialization. In the original order, an interrupt could be serviced before the hardware registers and driver state the handler relies on were configured. Siemens has assessed this CVE as 'Misinformed' for the affected industrial networking products, including RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS, indicating that the vulnerability does not apply to these product configurations.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

Operators of Siemens industrial networking infrastructure using SINEC OS on RUGGEDCOM or SCALANCE devices; Linux kernel maintainers working with fsl-qdma driver on NXP/Freescale QorIQ platforms

Technical summary

The vulnerability exists in the Freescale QDMA (queue-based direct memory access) engine driver within the Linux kernel's dmaengine subsystem. The driver's probe path requested its interrupt before the hardware registers and the per-queue state used by the interrupt handler were initialized, so an interrupt arriving in that window (for example, one left pending before the driver loaded) would be handled against uninitialized driver state. The fix reorders the initialization sequence so that register setup completes before the IRQ is registered. Siemens ProductCERT has evaluated this CVE against its industrial networking portfolio and marked it 'Misinformed', meaning the vulnerability as described does not apply to the listed product configurations, which include RUGGEDCOM RST2428P and several SCALANCE X-family switch families running SINEC OS. The CISA republication on 2026-02-25 reflects the latest vendor assessment from Siemens advisory SSA-613116.
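As an added illustration (not code from the kernel, the upstream patch, or Siemens), the following C simulation models the initialization-order problem described above. The device, queue, interrupt-controller and probe routines are constructed stand-ins, not the real fsl-qdma structures or kernel APIs, and the assumed trigger is an interrupt already pending when the driver probes; the simulated request_irq delivers that pending interrupt the moment a handler is registered, which is what makes the order of the two probe steps matter.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the device, not the real fsl-qdma structures. */
struct qdma_queue {
    unsigned int completed;      /* completions recorded by the handler */
};

struct qdma_dev {
    uint32_t status_reg;         /* models the controller's status register */
    struct qdma_queue *queue;    /* per-queue state; NULL until probe sets it */
};

enum { IRQ_OK = 0, IRQ_CRASH = -1 };

/* Models an interrupt that is already asserted when the driver probes
 * (assumed trigger: a stale interrupt left over before the driver ran). */
static int irq_pending;

/* Interrupt handler: acknowledges the status register and records a
 * completion on the queue. A real handler would dereference dev->queue
 * unconditionally; here a NULL queue is reported as IRQ_CRASH instead. */
static int qdma_irq_handler(struct qdma_dev *dev)
{
    if (dev->queue == NULL)
        return IRQ_CRASH;        /* NULL pointer dereference in a real driver */
    dev->status_reg = 0;
    dev->queue->completed++;
    return IRQ_OK;
}

/* Stand-in for request_irq(): a pending interrupt is delivered to the
 * handler the moment it is registered. */
static int sim_request_irq(struct qdma_dev *dev,
                           int (*handler)(struct qdma_dev *))
{
    if (irq_pending) {
        irq_pending = 0;
        return handler(dev);
    }
    return IRQ_OK;
}

/* Register initialization: attaches the queue state and clears status. */
static void qdma_reg_init(struct qdma_dev *dev, struct qdma_queue *q)
{
    dev->queue = q;
    dev->status_reg = 0;
}

/* Pre-fix order: IRQ first, registers second. */
static int probe_irq_first(struct qdma_dev *dev, struct qdma_queue *q)
{
    int ret = sim_request_irq(dev, qdma_irq_handler);
    if (ret != IRQ_OK)
        return ret;              /* the kernel would have panicked here */
    qdma_reg_init(dev, q);
    return IRQ_OK;
}

/* Fixed order: registers first, IRQ second. */
static int probe_regs_first(struct qdma_dev *dev, struct qdma_queue *q)
{
    qdma_reg_init(dev, q);
    return sim_request_irq(dev, qdma_irq_handler);
}

/* Runs one probe against a fresh device with an interrupt already pending.
 * Returns IRQ_CRASH if the handler ran on uninitialized state, otherwise
 * the number of completions the handler recorded. */
int run_probe(int (*probe)(struct qdma_dev *, struct qdma_queue *))
{
    struct qdma_dev dev = { .status_reg = 0x1, .queue = NULL };
    struct qdma_queue q = { 0 };
    int ret;

    irq_pending = 1;
    ret = probe(&dev, &q);
    return ret == IRQ_OK ? (int)q.completed : ret;
}

int main(void)
{
    printf("irq before regs: %d\n", run_probe(probe_irq_first));   /* -1 */
    printf("regs before irq: %d\n", run_probe(probe_regs_first));  /* 1 */
    return 0;
}
```

The pre-fix probe lets the pending interrupt reach a handler whose queue pointer is still NULL, which is the class of failure the upstream reordering removes; with registers and queue state set up first, the same pending interrupt is handled normally and a completion is recorded.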

Defensive priority

low

Recommended defensive actions

  • Verify the SINEC OS version running on the listed Siemens devices; the vendor advisory identifies V3.1 and later as the supported and maintained release line
  • Review vendor security advisory SSA-613116 for definitive product impact assessment
  • Apply standard ICS defense-in-depth practices per CISA guidance for industrial control systems
  • Monitor CISA ICS advisories for any future reassessment of this CVE

Evidence notes

CISA CSAF advisory ICSA-25-226-15 (republished 2026-02-25) carries Siemens ProductCERT SSA-613116 assessment marking CVE-2024-26788 as 'Misinformed' for affected product IDs. Linux kernel fix description confirms driver initialization order correction. No CVSS score assigned in source corpus.

Official resources

2025-08-12