PatchSiren cyber security CVE debrief
CVE-2024-26801 Siemens CVE debrief
A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem, specifically in the hci_error_reset function, has been identified and resolved. The vulnerability was present in the Bluetooth Host Controller Interface (HCI) error handling path where a race condition could lead to accessing freed memory. Siemens has assessed this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The vulnerability was initially published on August 12, 2025, with subsequent advisory updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. No known exploitation in the wild has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC/XR/XCM/XRM/XCH/XRH series devices. OT security teams managing SINEC OS deployments in critical infrastructure environments. System administrators responsible for patch management in industrial control system networks with Bluetooth-enabled devices.
Technical summary
The vulnerability exists in the hci_error_reset function within the Linux kernel's Bluetooth Host Controller Interface (HCI) implementation. A race condition during error handling could result in a use-after-free memory access, potentially leading to system instability or code execution in kernel context. The issue has been resolved in the upstream Linux kernel. Siemens industrial networking products utilizing affected kernel versions are impacted, with specific product families identified in vendor advisories. The vulnerability requires local or adjacent network access to Bluetooth interfaces for potential exploitation.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific patch information and affected version matrices
- Verify SINEC OS version on affected Siemens devices (RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family) and apply vendor-provided updates
- For systems where immediate patching is not feasible, implement network segmentation to limit Bluetooth interface exposure and monitor for anomalous HCI-related activity
- Apply defense-in-depth practices for industrial control systems as recommended by CISA, including restricting physical access to Bluetooth-enabled devices
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
Evidence notes
The vulnerability description indicates a resolved use-after-free condition in hci_error_reset within the Linux kernel Bluetooth subsystem. Siemens ProductCERT advisory SSA-613116 provides the authoritative product impact assessment. CISA advisory ICSA-25-226-15 was initially published August 12, 2025, with revision history showing updates on February 12, 2026 (corrected affected products), February 24, 2026 (removed unsupported SINEC OS versions and rejected CVEs), and February 25, 2026 (CISA republication based on updated Siemens advisory). The threat assessment in the source material categorizes impact as 'Misinformed' for affected product IDs.
Official resources
- CVE-2024-26801 CVE record (CVE.org)
- CVE-2024-26801 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12