PatchSiren

CVE-2024-27412 Siemens CVE debrief

A vulnerability in the Linux kernel's power supply driver (bq27xxx-i2c) could lead to improper interrupt handling. The issue involves freeing a non-existent IRQ (interrupt request), which may cause system instability or undefined behavior. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability was resolved in the Linux kernel by ensuring the IRQ is only freed when it actually exists.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-12
Original CVE updated: 2026-02-25
Advisory published: 2025-08-12
Advisory updated: 2026-02-25

Who should care

Organizations operating Siemens SCALANCE X-family switches, RUGGEDCOM RST2428P devices, or other industrial networking equipment running SINEC OS should prioritize reviewing this advisory. System administrators maintaining Linux-based industrial systems with battery management ICs using the bq27xxx driver should also verify patch status.

Technical summary

The bq27xxx-i2c driver in the Linux kernel's power supply subsystem contained a flaw where an IRQ (interrupt request) could be freed even when it did not exist. This improper resource management could lead to kernel instability or crashes. The fix ensures that the IRQ is only freed when valid. Siemens industrial networking products running SINEC OS incorporate this kernel code and are affected, requiring vendor-provided updates.
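
The flaw and the fix described above, modeled in user space as an added example (this is not the kernel driver's code or Siemens' code). The small IRQ table, every `model_*` name, and the convention that IRQ number 0 means "no interrupt line" are assumptions made for illustration.

```c
#include <stdio.h>
/* User-space model of the bug class, not kernel code; all names are hypothetical. */
#define MODEL_NR_IRQS 16
static const void *irq_owner[MODEL_NR_IRQS]; /* NULL = no handler installed */
static int bad_free_count;                   /* frees of an IRQ nobody requested */

static int model_request_irq(unsigned int irq, const void *dev_id)
{
    if (irq >= MODEL_NR_IRQS || irq_owner[irq])
        return -1;                           /* out of range or already taken */
    irq_owner[irq] = dev_id;
    return 0;
}

static void model_free_irq(unsigned int irq, const void *dev_id)
{
    if (irq >= MODEL_NR_IRQS || irq_owner[irq] != dev_id)
        bad_free_count++;                    /* nothing to free: the model only counts it */
    else
        irq_owner[irq] = NULL;
}

struct model_client { unsigned int irq; };   /* assumption: 0 means "no IRQ line" */
/* Probe requests an interrupt only when the device actually has one. */
static int model_probe(struct model_client *c)
{
    return c->irq ? model_request_irq(c->irq, c) : 0;
}

/* Flawed teardown: frees c->irq whether or not probe requested it. */
static void model_remove_unguarded(struct model_client *c) { model_free_irq(c->irq, c); }
/* Corrected teardown: free the IRQ only when one exists. */
static void model_remove_guarded(struct model_client *c) { if (c->irq) model_free_irq(c->irq, c); }

/* Probe, tear down with one variant, return the bad-free count (-1 on probe error). */
static int bad_frees_for(unsigned int irq, int guarded)
{
    struct model_client c = { .irq = irq };
    bad_free_count = 0;
    if (model_probe(&c))
        return -1;
    (guarded ? model_remove_guarded : model_remove_unguarded)(&c);
    return bad_free_count;
}

int main(void)
{
    printf("no IRQ: unguarded=%d guarded=%d\n", bad_frees_for(0, 0), bad_frees_for(0, 1));
    return 0;
}
```

A device that has a real interrupt line behaves identically under both teardown variants; only the device without an IRQ exposes the difference.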

Defensive priority

medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-613116 for specific product impact and patch availability
  • Apply SINEC OS updates as provided by Siemens for affected SCALANCE and RUGGEDCOM devices
  • Verify kernel patch status for any custom Linux deployments using the bq27xxx-i2c driver
  • Monitor CISA ICS advisories for additional guidance on industrial control system security practices

Evidence notes

The vulnerability description indicates a kernel-level issue in the bq27xxx-i2c power supply driver where a non-existent IRQ could be freed. Siemens ProductCERT advisory SSA-613116 (referenced via CISA ICSA-25-226-15) identifies affected products including RUGGEDCOM RST2428P and SCALANCE X-family switches. The advisory was initially published 2025-08-12 and most recently updated 2026-02-25 to reflect corrections to the affected products list and the removal of rejected CVEs.
