PatchSiren cyber security CVE debrief
CVE-2024-26805 Siemens CVE debrief
This CVE covers a kernel information leak in the Linux kernel's netlink subsystem, reported as an infoleak-after-free in __skb_datagram_iter: netlink could copy data from memory that had already been freed into a message delivered to userspace. The kernel fix stops the copy from reaching freed memory. Siemens has identified this CVE as affecting multiple industrial networking product families, including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS. The CISA advisory ICSA-25-226-15, published August 12, 2025 and most recently updated February 25, 2026, incorporates Siemens ProductCERT advisory SSA-613116. The advisory has been revised several times, including corrections to the affected-product list and the removal of rejected CVEs in February 2026. Organizations should consult vendor guidance for patch availability and apply defense-in-depth measures for industrial control systems.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SINEC OS-based industrial networking infrastructure, including critical infrastructure operators using SCALANCE and RUGGEDCOM devices. OT security teams responsible for patch management in industrial environments.
Technical summary
The vulnerability is in the Linux kernel's netlink implementation: a netlink message copy could read memory that had already been freed, and __skb_datagram_iter then delivered those stale bytes to userspace, disclosing kernel memory contents. The affected Siemens industrial networking products run SINEC OS and include RUGGEDCOM RST2428P and SCALANCE XC/XR series switches. The kernel fix stops the copy from reaching freed memory, which closes the disclosure.
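The following is an added userspace model of the defect class described above; it is not kernel code and not code from Siemens or CISA. It assumes, based on the kernel fix recorded for this CVE, that the netlink copy was sized by the skb's allocated end offset rather than by the valid payload length (skb->len), so bytes past the payload, including stale data from freed memory, were copied out. The struct, the buffer sizes and the stale-byte marker are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not kernel code: a userspace model of the copy defect
 * behind CVE-2024-26805. Assumption (from the kernel fix as recorded for the
 * CVE): the copy length came from the allocation size instead of from the
 * valid payload length. Everything below is constructed for illustration.
 */

struct model_skb {
    uint8_t *head;  /* start of the allocation */
    size_t   len;   /* bytes of valid payload (skb->len analogue) */
    size_t   end;   /* allocated size (skb_end_offset() analogue) */
};

/* Pre-fix behaviour: copy sized by the allocation, not by the payload. */
size_t copy_message_vulnerable(const struct model_skb *skb, uint8_t *out, size_t outsz)
{
    size_t n = skb->end;            /* wrong length source: capacity */
    if (n > outsz)
        n = outsz;
    memcpy(out, skb->head, n);      /* carries stale tail bytes to the caller */
    return n;
}

/* Fixed behaviour: copy only the valid payload. */
size_t copy_message_fixed(const struct model_skb *skb, uint8_t *out, size_t outsz)
{
    size_t n = skb->len;            /* right length source: payload */
    if (n > outsz)
        n = outsz;
    memcpy(out, skb->head, n);
    return n;
}

/* Count output bytes beyond the payload that carry the stale-region marker. */
size_t count_stale_leak(const uint8_t *out, size_t n, size_t payload_len, uint8_t marker)
{
    size_t leaked = 0;
    for (size_t i = payload_len; i < n; i++)
        if (out[i] == marker)
            leaked++;
    return leaked;
}

enum { ALLOC_SIZE = 64, PAYLOAD_SIZE = 16 };
#define STALE_MARKER 0xEE   /* constructed stand-in for freed/stale data */

/*
 * Run one copy variant over a constructed buffer whose tail past the payload
 * is filled with STALE_MARKER, standing in for whatever a previous, since
 * freed, user of that memory left behind. Returns the number of stale bytes
 * the copy exposed to the caller.
 */
size_t run_model(int use_fixed_copy)
{
    uint8_t buf[ALLOC_SIZE];
    uint8_t out[ALLOC_SIZE];
    struct model_skb skb = { buf, PAYLOAD_SIZE, ALLOC_SIZE };

    memset(buf, STALE_MARKER, sizeof buf);  /* stale data everywhere... */
    memset(buf, 'A', PAYLOAD_SIZE);         /* ...then the real payload */
    memset(out, 0, sizeof out);

    size_t n = use_fixed_copy
             ? copy_message_fixed(&skb, out, sizeof out)
             : copy_message_vulnerable(&skb, out, sizeof out);
    return count_stale_leak(out, n, PAYLOAD_SIZE, STALE_MARKER);
}

size_t leaked_by_vulnerable_copy(void) { return run_model(0); }
size_t leaked_by_fixed_copy(void)      { return run_model(1); }

int main(void)
{
    printf("vulnerable copy exposed %zu stale bytes, fixed copy exposed %zu\n",
           leaked_by_vulnerable_copy(), leaked_by_fixed_copy());
    return 0;
}
```

The point the model makes is that the disclosure needs no memory-safety violation at the copy site: both variants stay inside the allocation, but only the payload-bounded copy refuses to forward bytes the sender never wrote.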
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Apply vendor-provided firmware updates for SINEC OS when available
- Implement network segmentation for industrial control systems per CISA recommended practices
- Monitor CISA ICS advisories for additional guidance on affected Siemens products
Evidence notes
Vulnerability description sourced from CVE record and CISA CSAF advisory ICSA-25-226-15. Siemens ProductCERT SSA-613116 identified as canonical source. Advisory revision history shows multiple updates through February 25, 2026, including product list corrections and CVE removals.
Official resources
- CVE-2024-26805 CVE record (CVE.org)
- CVE-2024-26805 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12