PatchSiren cyber security CVE debrief
CVE-2024-27413 Siemens CVE debrief
A vulnerability in the Linux kernel's EFI capsule-loader driver: an array of physical page addresses was allocated using the wrong element size, so on configurations where phys_addr_t is wider than a pointer the buffer is too small and writes to it run past the end of the allocation. The fix corrects the element size used in the allocation. Siemens lists the flaw as affecting industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The stored CISA advisory record labels the impact 'Misinformed', which is not a standard impact category; the underlying defect is a kernel heap allocation error, so kernel memory corruption, with the integrity and availability consequences that implies, is the concern.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families) or RUGGEDCOM RST2428P devices running SINEC OS should review this advisory. OT security teams, industrial network administrators, and asset owners in critical infrastructure sectors using the affected Siemens networking equipment should track vendor patches and apply compensating controls where patching is not immediately feasible.
Technical summary
The vulnerability is in the Linux kernel's EFI capsule-loader driver (drivers/firmware/efi/capsule-loader.c), which lets a privileged user submit a UEFI firmware update capsule through the /dev/efi_capsule_loader character device. The driver tracks the capsule's pages in an array of phys_addr_t, and the buggy code sized that allocation with sizeof(void *) rather than sizeof(phys_addr_t). On 64-bit builds the two sizes are equal and nothing goes wrong; on a 32-bit build with 64-bit physical addresses (PAE/LPAE), the allocation is half the size needed, so storing the page addresses writes past the end of the heap object. The upstream fix uses the correct element type in the allocation. Two practical caveats for triage: the interface is only reachable by a process that can open the capsule-loader device, which is normally writable only by root, and it exists only in kernels built with CONFIG_EFI_CAPSULE_LOADER. Siemens lists SINEC OS products as affected because they ship the vulnerable kernel code; the stored evidence does not say whether the capsule-loader interface is exposed on the listed switches.
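The following C program is an added illustration of the bug class, not the kernel's code. It stands in for the capsule loader's page-address array with a heap buffer, emulates the 32-bit pointer width with a constant (ILP32_PTR_SIZE) so the mismatch shows on any host, and surrounds the allocation with a canary region so the out-of-bounds write from the undersized sizing can be measured. The phys_addr_t typedef, the sample page addresses and the guard size are constructed for the example.

```c
/*
 * Added example (not kernel code): models the allocation-size bug behind
 * CVE-2024-27413. The loader keeps an array of physical page addresses
 * (phys_addr_t). Allocating it with sizeof(void *) instead of
 * sizeof(phys_addr_t) is harmless on 64-bit builds but leaves the array
 * half the required size on a 32-bit build with 64-bit phys_addr_t.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef uint64_t phys_addr_t;   /* assumption: 64-bit physical addresses (PAE/LPAE) */
#define ILP32_PTR_SIZE 4u        /* emulated sizeof(void *) on a 32-bit build */
#define GUARD_BYTES    64u       /* canary region placed after the allocation */
#define CANARY         0xAAu     /* fill byte; no sample address byte equals it */

/* Bytes provided for `entries` elements by the buggy vs. corrected sizing. */
size_t buggy_alloc_bytes(size_t entries) { return entries * ILP32_PTR_SIZE; }
size_t fixed_alloc_bytes(size_t entries) { return entries * sizeof(phys_addr_t); }

/*
 * Simulate the loader storing `entries` page addresses into an allocation of
 * `alloc_bytes` bytes, exactly as phys[i] = addr would. The allocation is
 * followed by a canary-filled guard region; every guard byte that changed is
 * an out-of-bounds write. Returns the number of bytes written past the end
 * (0 when the allocation was large enough), or (size_t)-1 when the write
 * would overrun even the guard and the simulation refuses to run.
 */
size_t simulate_phys_store(size_t alloc_bytes, size_t entries)
{
    size_t needed = entries * sizeof(phys_addr_t);
    if (needed > alloc_bytes + GUARD_BYTES)
        return (size_t)-1;

    unsigned char *mem = malloc(alloc_bytes + GUARD_BYTES);
    if (!mem)
        return (size_t)-1;
    memset(mem, 0, alloc_bytes);
    memset(mem + alloc_bytes, CANARY, GUARD_BYTES);

    for (size_t i = 0; i < entries; i++) {
        /* constructed sample page addresses above 4 GiB so all 8 bytes matter */
        phys_addr_t addr = 0x100000000ULL + (phys_addr_t)i * 4096;
        memcpy(mem + i * sizeof(phys_addr_t), &addr, sizeof addr);
    }

    size_t overflow = 0;
    for (size_t j = alloc_bytes; j < alloc_bytes + GUARD_BYTES; j++)
        if (mem[j] != CANARY)
            overflow++;

    free(mem);
    return overflow;
}

int main(void)
{
    size_t entries = 1;   /* the loader's initial single-entry allocation */
    printf("buggy sizing: %zu bytes allocated, %zu bytes written past the end\n",
           buggy_alloc_bytes(entries),
           simulate_phys_store(buggy_alloc_bytes(entries), entries));
    printf("fixed sizing: %zu bytes allocated, %zu bytes written past the end\n",
           fixed_alloc_bytes(entries),
           simulate_phys_store(fixed_alloc_bytes(entries), entries));
    return 0;
}
```

Running it prints 4 bytes of overflow for the buggy sizing and 0 for the corrected one. The same arithmetic is why the bug is invisible on x86-64 and arm64 test systems: sizeof(void *) and sizeof(phys_addr_t) coincide there, so only 32-bit builds with 64-bit physical addressing, the kind found in some embedded Linux firmware, are exposed.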
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Apply vendor-provided firmware updates for affected SCALANCE and RUGGEDCOM devices when available
- Verify SINEC OS version on affected devices and upgrade to patched versions per vendor guidance
- Monitor CISA ICS advisories for additional updates to ICSA-25-226-15
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates a memory allocation size error in the Linux kernel's EFI capsule-loader component. The fix involves correcting the allocation size calculation. Siemens ProductCERT advisory SSA-613116 (referenced in CISA ICSA-25-226-15) covers this vulnerability for affected SINEC OS-based products. The advisory was initially published 2025-08-12 and most recently updated 2026-02-25 to reflect republication based on the Siemens advisory.
Official resources
- CVE-2024-27413 CVE record (CVE.org)
- CVE-2024-27413 NVD detail (NVD)
- Source item URL (cisa_csaf)