PatchSiren cyber security CVE debrief
CVE-2024-26840 Siemens CVE debrief
A memory leak in the Linux kernel's cachefiles subsystem has been fixed. The flaw was in the cachefiles_add_cache() function and could lead to memory exhaustion under certain conditions. It affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The issue was addressed through kernel patching. CISA published this advisory on August 12, 2025, with subsequent updates through February 2026 to correct the affected product listings and incorporate Siemens ProductCERT guidance.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial Ethernet switches and RUGGEDCOM devices in critical infrastructure environments, particularly those in manufacturing, energy, and transportation sectors where SCALANCE and RUGGEDCOM products are deployed. Security teams responsible for OT/ICS asset management and patch coordination should prioritize this advisory.
Technical summary
The vulnerability resides in the cachefiles_add_cache() function within the Linux kernel's cachefiles subsystem, which provides caching support for network filesystems. A memory leak condition could allow unbounded memory consumption, potentially leading to denial of service through resource exhaustion. The flaw was corrected in the upstream Linux kernel. Siemens industrial networking products incorporating the vulnerable kernel code are affected, including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches, SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, and the RUGGEDCOM RST2428P. The advisory threat classification of 'Misinformed' suggests this may relate to information integrity or diagnostic issues rather than direct security exploitation, though the underlying kernel fix addresses a genuine memory management defect.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates for affected Siemens SCALANCE and RUGGEDCOM devices per Siemens ProductCERT SSA-613116
- Review CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
- Monitor Siemens ProductCERT portal for additional product-specific guidance
- Implement network segmentation for industrial control systems to limit exposure
- Ensure affected devices are not directly exposed to untrusted networks
Evidence notes
The vulnerability description is sourced from the Linux kernel commit message resolving the issue. Siemens ProductCERT advisory SSA-613116 provides product-specific impact assessment. CISA's ICSA-25-226-15 advisory, republished February 25, 2026, represents the current authoritative guidance. The threat category is marked as 'Misinformed' in the source CSAF data, indicating potential for information quality issues rather than direct exploitation.
Official resources
- CVE-2024-26840 CVE record (CVE.org)
- CVE-2024-26840 NVD detail (NVD)
- Source item URL: cisa_csaf
The vulnerability was disclosed via coordinated vendor and government advisory channels. Siemens ProductCERT issued advisory SSA-613116, which CISA republished as ICSA-25-226-15. The advisory underwent multiple revisions to refine product-a