PatchSiren cyber security CVE debrief
CVE-2024-26835 Siemens CVE debrief
A vulnerability in the Linux kernel's netfilter nf_tables subsystem could lead to improper state management when hook registration fails. The issue occurs because the dormant flag was not set upon hook registration failure, potentially causing resource management problems. This affects Siemens industrial networking products including RUGGEDCOM RST2428P and SCALANCE switch families running SINEC OS. The vulnerability was resolved by ensuring the dormant flag is properly set when hook registration fails.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches, SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, or RUGGEDCOM RST2428P industrial Ethernet switches in operational technology (OT) environments. Security teams managing industrial control systems and network infrastructure should prioritize firmware updates when available.
Technical summary
This vulnerability exists in the Linux kernel's netfilter framework, specifically in the nf_tables subsystem. When a hook registration fails, the code path did not properly set the dormant flag, which could lead to incorrect state tracking and potential resource management issues. The fix ensures that the dormant flag is set when hook registration fails, maintaining proper state consistency. This affects Siemens industrial networking equipment running SINEC OS that incorporates the vulnerable Linux kernel code.
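A simplified user-space C model of the state bug described above, added here as an illustration; it is not kernel code or Siemens code. The struct, the function names and the fail_at parameter are hypothetical, and TABLE_F_DORMANT stands in for the kernel's NFT_TABLE_F_DORMANT flag. How teardown goes wrong is this model's assumption about the "resource management issues" the summary mentions.

```c
#include <stdbool.h>
#include <stdio.h>
#define TABLE_F_DORMANT 0x1u /* stands in for the kernel's NFT_TABLE_F_DORMANT */
struct table {            /* hypothetical model type, not a kernel struct */
    unsigned flags;       /* DORMANT set => no hooks should be registered */
    int hooks_registered; /* hooks actually held for this table */
    int nchains;          /* base chains, one hook each */
};
/* Register one hook per chain; fail_at >= 0 forces a failure there, with rollback. */
static int register_hooks(struct table *t, int fail_at)
{
    for (int i = 0; i < t->nchains; i++) {
        if (i == fail_at) {
            t->hooks_registered = 0; /* unwind partial registration */
            return -1;
        }
        t->hooks_registered++;
    }
    return 0;
}

/* Wake a dormant table: fixed=false models the pre-fix path, fixed=true the fix. */
static int table_enable(struct table *t, int fail_at, bool fixed)
{
    t->flags &= ~TABLE_F_DORMANT;    /* mark active before registering */
    int err = register_hooks(t, fail_at);
    if (err && fixed)
        t->flags |= TABLE_F_DORMANT; /* flag matches reality again */
    return err;
}

/* Invariant for a table with base chains: active exactly when hooks are held. */
static bool state_consistent(const struct table *t)
{
    return (!(t->flags & TABLE_F_DORMANT)) == (t->hooks_registered > 0);
}

/* Hooks a teardown of an "active" table would unregister without holding them. */
static int bogus_unregisters(const struct table *t)
{
    return (t->flags & TABLE_F_DORMANT) ? 0 : t->nchains - t->hooks_registered;
}

int main(void)
{
    struct table a = { TABLE_F_DORMANT, 0, 3 }, b = a; /* constructed sample tables */
    int ea = table_enable(&a, 1, false), eb = table_enable(&b, 1, true);
    printf("pre-fix: err=%d ok=%d | fixed: err=%d ok=%d\n", ea, state_consistent(&a), eb, state_consistent(&b));
    return 0;
}
```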
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product impact and patch information
- Verify SINEC OS version on affected Siemens SCALANCE and RUGGEDCOM devices
- Apply vendor-provided firmware updates when available per Siemens security advisory
- Monitor CISA ICS advisories for additional guidance on industrial control system security
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates this was a resolved issue in the Linux kernel netfilter nf_tables subsystem. The CISA CSAF advisory ICSA-25-226-15, republished on 2026-02-25 based on Siemens ProductCERT SSA-613116, identifies affected Siemens products. The threat assessment in the source marks impact as 'Misinformed' for affected product IDs. No CVSS score or severity is available in the provided source data. The advisory has undergone multiple revisions, with the most recent on 2026-02-25 correcting the affected products list and removing rejected CVEs.
Official resources
- CVE-2024-26835 CVE record (CVE.org)
- CVE-2024-26835 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-08-12