PatchSiren cyber security CVE debrief
CVE-2024-27405 Siemens CVE debrief
CVE-2024-27405 is a vulnerability in the Linux kernel's USB gadget NCM (Network Control Model) subsystem. The issue involves improper handling of datagrams within properly parsed NTBs (NCM Transfer Blocks), which could result in data loss or communication failures in USB networking implementations. The vulnerability was resolved by ensuring datagrams are not dropped when NTBs are correctly parsed. Siemens has identified this vulnerability as affecting certain industrial networking products, including the RUGGEDCOM RST2428P and SCALANCE X-family devices running SINEC OS. The CISA advisory ICSA-25-226-15, published on August 12, 2025, and subsequently updated through February 25, 2026, provides coordinated disclosure for this issue. The advisory underwent multiple revisions to correct affected product listings and remove rejected CVEs. Siemens has assessed the impact of this vulnerability as 'Misinformed' for the affected products. Organizations operating the identified Siemens industrial networking equipment should consult the vendor's security advisory for specific patch availability and deployment guidance.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those with RUGGEDCOM RST2428P or SCALANCE X-family devices in USB networking configurations. OT security teams responsible for patch management in industrial environments. Network administrators managing SINEC OS deployments should prioritize vendor guidance.
Technical summary
The vulnerability exists in the USB gadget NCM driver within the Linux kernel. The NCM (Network Control Model) is a USB class protocol for Ethernet networking over USB. The specific flaw caused properly parsed NTBs (NCM Transfer Blocks) to incorrectly drop contained datagrams, potentially disrupting USB-based network communications. The fix ensures datagrams are preserved when NTBs are successfully parsed. This vulnerability affects Siemens industrial networking products that utilize the Linux kernel's USB gadget subsystem with NCM functionality, specifically devices running SINEC OS including the RUGGEDCOM RST2428P and various SCALANCE X-family switches.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for detailed product-specific patch information and affected version ranges
- Verify SINEC OS version on SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and RUGGEDCOM RST2428P devices
- Apply vendor-provided firmware updates when available per organizational change management procedures
- Monitor CISA ICS advisories for additional guidance on industrial control system security practices
- Implement network segmentation for industrial control systems to limit exposure of vulnerable USB gadget implementations
Evidence notes
The vulnerability description is sourced from the Linux kernel commit message indicating a resolution for datagram dropping in USB gadget NCM. Siemens ProductCERT advisory SSA-613116 is the authoritative source for product-specific impact assessment. CISA's ICSA-25-226-15 serves as the coordinating advisory, with revision history showing ongoing refinement of affected product scope from August 2025 through February 2026.
Official resources
- CVE-2024-27405 CVE record (CVE.org)
- CVE-2024-27405 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)