PatchSiren cyber security CVE debrief
CVE-2024-26993 Siemens CVE debrief
A reference leak in the Linux kernel's sysfs subsystem, in the `sysfs_break_active_protection()` function, has been fixed upstream. On the function's error path the kobject reference it takes is never released, so a local user who can drive that path repeatedly can pin kernel objects and cause a denial of service. The vulnerability affects Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and the SCALANCE switch families listed below. Siemens has released updates to address this issue.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches, SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, or RUGGEDCOM RST2428P switches in industrial control system environments. Exploitation requires local, low-privileged access to the device, so administrators responsible for the availability of critical infrastructure networks should prioritize this patch on devices where such access is possible.
Technical summary
The vulnerability exists in the `sysfs_break_active_protection()` function within the Linux kernel's sysfs filesystem implementation. The function is used by sysfs store handlers that need to remove the object whose attribute is being written: it takes a reference on the kobject with `kobject_get()`, then looks up the attribute's kernfs node with `kernfs_find_and_get()`. If that lookup fails the function returns NULL, the companion `sysfs_unbreak_active_protection()` is never called, and the kobject reference taken at the start is leaked. Each trip through the error path therefore pins the kobject (and anything it owns) in memory, which a local attacker with low privileges can use to trigger a denial of service condition. The upstream fix adds an explicit `kobject_put()` on the error path. Siemens has incorporated this fix into SINEC OS V3.1 and later versions for affected industrial networking products. The CVSS 3.1 base score of 5.5 (MEDIUM) reflects the local attack vector and high availability impact with no confidentiality or integrity compromise.
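The leak and its fix, as an added user-space model that is not code from the kernel, from Siemens or from this advisory: the `kobject`, `kernfs_node`, refcount helpers and the lookup function below are simplified stand-ins written for this page, and the attribute names `power` and `does_not_exist` are constructed sample input. The buggy and fixed routines mirror the shape of `sysfs_break_active_protection()` before and after the upstream change, and a driver loop shows the refcount drifting upward only for the pre-fix version.

```c
/* Added example: user-space model of the reference leak behind
 * CVE-2024-26993. Structures and helpers are stand-ins, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct kobject {
    int refcount;          /* stands in for the kobject's kref */
    const char *attr_name; /* the single attribute this model kobject exposes */
};

struct kernfs_node {
    struct kobject *owner; /* kobject whose attribute this node represents */
    int refcount;
};

static struct kobject *kobject_get(struct kobject *kobj)
{
    kobj->refcount++;
    return kobj;
}

static void kobject_put(struct kobject *kobj)
{
    kobj->refcount--;
}

/* Model of kernfs_find_and_get(): succeeds only when the attribute exists,
 * and takes a reference on the node it returns. */
static struct kernfs_node *kernfs_find_and_get(struct kobject *kobj, const char *name)
{
    static struct kernfs_node node;
    if (kobj->attr_name == NULL || strcmp(kobj->attr_name, name) != 0)
        return NULL;
    node.owner = kobj;
    node.refcount++;
    return &node;
}

static void kernfs_put(struct kernfs_node *kn)
{
    kn->refcount--;
}

/* Pre-fix shape: when the lookup fails, the reference taken by
 * kobject_get() is never dropped. The caller cannot drop it either,
 * because the companion unbreak routine must not be called with NULL. */
static struct kernfs_node *break_active_protection_buggy(struct kobject *kobj, const char *attr)
{
    struct kernfs_node *kn;
    kobject_get(kobj);
    kn = kernfs_find_and_get(kobj, attr);
    /* kernfs_break_active_protection(kn) would follow on success */
    return kn;
}

/* Fixed shape: release the kobject reference on the error path. */
static struct kernfs_node *break_active_protection_fixed(struct kobject *kobj, const char *attr)
{
    struct kernfs_node *kn;
    kobject_get(kobj);
    kn = kernfs_find_and_get(kobj, attr);
    if (!kn)
        kobject_put(kobj);
    return kn;
}

/* Companion routine, same for both versions: drop both references. */
static void unbreak_active_protection(struct kernfs_node *kn)
{
    struct kobject *kobj = kn->owner;
    kernfs_put(kn);
    kobject_put(kobj);
}

/* Drive one version `attempts` times against a missing attribute and
 * return the kobject refcount afterwards. A correct implementation leaves
 * it at 1 (the owner's original reference); the buggy one at 1 + attempts. */
static int refcount_after_failed_lookups(bool use_fixed, int attempts)
{
    struct kobject kobj = { .refcount = 1, .attr_name = "power" };
    for (int i = 0; i < attempts; i++) {
        struct kernfs_node *kn = use_fixed
            ? break_active_protection_fixed(&kobj, "does_not_exist")
            : break_active_protection_buggy(&kobj, "does_not_exist");
        if (kn)
            unbreak_active_protection(kn);
    }
    return kobj.refcount;
}

/* The success path is unchanged by the fix: one full cycle returns to 1. */
static int refcount_after_successful_cycle(void)
{
    struct kobject kobj = { .refcount = 1, .attr_name = "power" };
    struct kernfs_node *kn = break_active_protection_fixed(&kobj, "power");
    if (kn)
        unbreak_active_protection(kn);
    return kobj.refcount;
}

int main(void)
{
    printf("buggy, 1000 failed lookups: refcount=%d\n", refcount_after_failed_lookups(false, 1000));
    printf("fixed, 1000 failed lookups: refcount=%d\n", refcount_after_failed_lookups(true, 1000));
    printf("fixed, one successful cycle: refcount=%d\n", refcount_after_successful_cycle());
    return 0;
}
```

The model keeps only the refcount arithmetic; in the real kernel the leaked reference keeps the kobject and the device it belongs to from ever being freed, which is where the availability impact comes from.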
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to SINEC OS V3.1 or later for affected SCALANCE and RUGGEDCOM products
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance
- Implement network segmentation for industrial control systems per CISA recommended practices
- Monitor for anomalous local access attempts on affected devices
- Prioritize patching based on device exposure to untrusted local users
Evidence notes
The vulnerability was disclosed in CISA advisory ICSA-25-226-15, which republished Siemens ProductCERT advisory SSA-613116. The advisory was initially published on 2025-08-12 and most recently updated on 2026-02-25 to reflect corrections to affected products and removal of rejected CVEs. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates local attack vector with low attack complexity, requiring low privileges, resulting in high availability impact with no confidentiality or integrity impact.
Official resources
- CVE-2024-26993 CVE record (CVE.org)
- CVE-2024-26993 NVD detail (NVD)
- Source item URL: cisa_csaf (2025-08-12)