PatchSiren cyber security CVE debrief

CVE-2024-27410 Siemens CVE debrief

CVE-2024-27410 is a vulnerability in the Linux kernel's WiFi subsystem (nl80211) that was resolved by rejecting interface type changes when accompanied by mesh ID changes. The vulnerability stems from improper handling of simultaneous interface type and mesh ID modifications in the netlink 802.11 configuration interface. Siemens has identified this CVE as affecting its industrial networking products, specifically the RUGGEDCOM RST2428P and SCALANCE switch families running SINEC OS. The CISA advisory ICSA-25-226-15, published August 12, 2025, and subsequently updated through February 25, 2026, tracks this vulnerability. Notably, the threat assessment in the source material categorizes the impact as 'Misinformed' for the affected product IDs, suggesting potential information disclosure or state confusion rather than direct code execution. The advisory underwent multiple revisions, including corrections to affected product lists and removal of rejected CVEs in later updates. Organizations running affected Siemens industrial networking equipment should consult the vendor's security advisory for specific patch guidance and version information.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens industrial networking infrastructure, particularly those deploying WiFi mesh configurations in operational technology (OT) environments. Security teams responsible for industrial control system (ICS) asset management and patch coordination should prioritize this advisory. Network administrators managing RUGGEDCOM RST2428P or SCALANCE XC/XR series switches should verify their exposure. Organizations with regulatory obligations for critical infrastructure protection should incorporate this into their vulnerability management workflows.

Technical summary

The vulnerability exists in the Linux kernel's nl80211 subsystem, which provides the userspace interface for configuring 802.11 wireless devices. The specific flaw allowed simultaneous changes to interface type (iftype) and mesh ID without proper validation, potentially causing state confusion or misinformed configuration in mesh networking scenarios. The fix implements rejection of such combined operations. This affects industrial networking products from Siemens that utilize the Linux kernel's wireless stack, including the RUGGEDCOM RST2428P and multiple SCALANCE switch families running SINEC OS. The vulnerability is classified with 'Misinformed' impact in the source advisory, indicating information or state integrity concerns rather than direct confidentiality/availability impacts.

Defensive priority

medium

Recommended defensive actions

Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
Verify SINEC OS versions on RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices
Apply vendor-provided firmware updates when available per organizational change management procedures
Monitor CISA ICS advisories for additional guidance on industrial control system security practices
Implement network segmentation for industrial WiFi/mesh networks to limit potential attack surface

Evidence notes

The vulnerability description indicates a logic flaw in nl80211 where interface type changes combined with mesh ID changes were not properly validated. The 'Misinformed' threat category suggests this could lead to incorrect state information being processed. The source advisory underwent four revision cycles, with the most significant update on 2026-02-25 republishing based on Siemens ProductCERT SSA-613116. The vendor evidence is marked high confidence from CSAF product tree data.

Official resources

2025-08-12