PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-26791 Siemens CVE debrief

A vulnerability in the Linux kernel's Btrfs filesystem device replacement (dev-replace) code has been resolved. The ioctl that starts a replacement accepted user-supplied source and target device name buffers without checking that they were NUL-terminated, so an unterminated name could make the kernel read past the end of the buffer when the name was later handled as a C string. The vulnerability affects Siemens industrial networking products that ship the affected Linux kernel components, specifically the RUGGEDCOM RST2428P and SCALANCE X family switches running SINEC OS. The issue was addressed through a kernel patch that validates the device names in the btrfs dev-replace code path and rejects unterminated input.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2025-08-12
Original CVE updated
2026-02-25
Advisory published
2025-08-12
Advisory updated
2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, including RUGGEDCOM RST2428P switches and SCALANCE X family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families) running SINEC OS. System administrators managing Linux-based industrial control systems that use Btrfs filesystems and the dev-replace feature. Critical infrastructure operators in sectors relying on Siemens industrial Ethernet switches for operational technology networks.

Technical summary

The vulnerability exists in the Linux kernel's Btrfs filesystem implementation, specifically within the device replacement (dev-replace) functionality. Btrfs is a copy-on-write filesystem for Linux that supports multi-device volumes, and dev-replace lets an administrator swap one device of a filesystem for another, typically for maintenance or upgrade. The operation is started through the BTRFS_IOC_DEV_REPLACE ioctl, whose argument structure carries the source and target device names in fixed-size character buffers (BTRFS_DEVICE_PATH_NAME_MAX, 1024 bytes each). Before the fix, the kernel only checked that a name was not empty; it did not verify that a NUL terminator was present inside the buffer. A caller could therefore pass a name that filled the entire buffer with non-zero bytes, and the string-handling code that later resolved the device path would read beyond the end of the buffer, an out-of-bounds read that can crash the kernel or leak adjacent memory. The resolution checks that both names are properly terminated within their buffers and returns -EINVAL otherwise. Note that the ioctl is restricted to callers with CAP_SYS_ADMIN in the upstream kernel, so triggering the bug already requires administrative privileges on the device.
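The following is an added user-space model of the check described above, written for this debrief; it is not the kernel's code and does not reproduce the upstream patch. The structure layout, field names and the helper functions are assumptions chosen to mirror the shape of the real ioctl argument (a device id plus two fixed-size name buffers). It places a first-byte-only check, which accepts an unterminated name, beside a check that requires a NUL terminator inside the buffer, and shows how a caller would construct the malformed input.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirrors BTRFS_DEVICE_PATH_NAME_MAX; the struct below is a simplified
 * model of the dev-replace ioctl argument, not the kernel's definition. */
#define DEVICE_PATH_NAME_MAX 1024

struct dev_replace_args {
    uint64_t srcdevid;                         /* 0 means "identify source by name" */
    char srcdev_name[DEVICE_PATH_NAME_MAX];    /* user-supplied, fixed-size buffer */
    char tgtdev_name[DEVICE_PATH_NAME_MAX];    /* user-supplied, fixed-size buffer */
};

/* Pre-fix style check (model): only rejects empty names. A buffer full of
 * non-zero bytes passes, and any later strlen()/path lookup on it runs
 * past the end of the buffer. */
int validate_names_weak(const struct dev_replace_args *a)
{
    if ((a->srcdevid == 0 && a->srcdev_name[0] == '\0') ||
        a->tgtdev_name[0] == '\0')
        return -EINVAL;
    return 0;
}

/* True if a NUL byte exists somewhere inside the buffer. */
static int name_is_terminated(const char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/* Hardened check (model): require termination first, then apply the same
 * emptiness rules. Any string handling after this point is bounded. */
int validate_names_strict(const struct dev_replace_args *a)
{
    if (!name_is_terminated(a->srcdev_name, sizeof a->srcdev_name) ||
        !name_is_terminated(a->tgtdev_name, sizeof a->tgtdev_name))
        return -EINVAL;
    if ((a->srcdevid == 0 && a->srcdev_name[0] == '\0') ||
        a->tgtdev_name[0] == '\0')
        return -EINVAL;
    return 0;
}

/* Fill a name buffer as a caller would. With terminate == 0 the unused
 * tail is padded with 'A' instead of NUL, which is the malformed input. */
static void fill_name(char *buf, size_t cap, const char *s, int terminate)
{
    size_t n = strlen(s);
    memset(buf, terminate ? 0 : 'A', cap);
    if (n > cap)
        n = cap;
    memcpy(buf, s, n);
}

/* Build an argument block; terminate applies to both name buffers. */
struct dev_replace_args make_args(uint64_t srcdevid, const char *src,
                                  const char *tgt, int terminate)
{
    struct dev_replace_args a;
    a.srcdevid = srcdevid;
    fill_name(a.srcdev_name, sizeof a.srcdev_name, src, terminate);
    fill_name(a.tgtdev_name, sizeof a.tgtdev_name, tgt, terminate);
    return a;
}

/* Bounded length a consumer can safely compute; strlen() would not stop
 * at cap when the buffer is unterminated. */
size_t bounded_name_len(const char *buf, size_t cap)
{
    return strnlen(buf, cap);
}

int main(void)
{
    /* Constructed sample inputs: a well-formed request and a malformed one. */
    struct dev_replace_args ok = make_args(0, "/dev/sda", "/dev/sdb", 1);
    struct dev_replace_args bad = make_args(0, "/dev/sda", "", 0);

    printf("well-formed: weak=%d strict=%d\n",
           validate_names_weak(&ok), validate_names_strict(&ok));
    printf("unterminated: weak=%d strict=%d (tgt occupies %zu of %d bytes)\n",
           validate_names_weak(&bad), validate_names_strict(&bad),
           bounded_name_len(bad.tgtdev_name, sizeof bad.tgtdev_name),
           DEVICE_PATH_NAME_MAX);
    return 0;
}
```

The point of the strict variant is ordering: termination is established before any routine that assumes a C string touches the buffer. Checking only `name[0]` is a liveness test, not a bounds test, and is exactly the gap an unterminated 1024-byte name slips through.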

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-613116 for specific patch availability and version guidance for affected SCALANCE and RUGGEDCOM products
  • Apply vendor-provided firmware updates for SINEC OS on affected Siemens industrial switches when available
  • Check whether Btrfs and the dev-replace ioctl are used at all on affected systems; the flaw is in kernel input validation, not in how devices are named, and the ioctl requires CAP_SYS_ADMIN, so limit administrative shell and API access on the switches to trusted operators until patched firmware is applied
  • Monitor CISA ICS advisories for additional guidance on industrial control system security practices
  • Implement network segmentation for industrial control systems per CISA recommended practices to limit exposure

Evidence notes

The vulnerability description states that the Linux kernel's Btrfs dev-replace code was fixed to properly validate device names. The CISA CSAF advisory ICSA-25-226-15, republished on 2026-02-25, covers this CVE as part of Siemens ProductCERT advisory SSA-613116. The threat assessment in the source marks impact as 'Misinformed' for the affected product IDs. The advisory has undergone multiple revisions; the most recent update corrects the affected products list and removes rejected CVEs.

Official resources

2025-08-12