PatchSiren cyber security CVE debrief
CVE-2024-27416 Siemens CVE debrief
A vulnerability in the Linux kernel's Bluetooth subsystem, specifically in the handling of HCI_EV_IO_CAPA_REQUEST events in hci_event.c, has been resolved. The issue was addressed in the Bluetooth stack to properly handle IO capability request events. Siemens has identified this vulnerability as affecting certain industrial networking products that utilize the affected Linux kernel Bluetooth components, including the RUGGEDCOM RST2428P and SCALANCE X family devices running SINEC OS. The vulnerability was initially published on August 12, 2025, with subsequent advisory updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. No CVSS score or severity rating has been assigned in available sources. CISA has not added this vulnerability to the Known Exploited Vulnerabilities catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those with Bluetooth-enabled RUGGEDCOM RST2428P or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. OT security teams managing SINEC OS deployments should prioritize firmware updates. Organizations in critical infrastructure sectors (energy, manufacturing, transportation) utilizing these devices for network segmentation or industrial Ethernet applications.
Technical summary
The vulnerability exists in the Linux kernel's Bluetooth host controller interface (HCI) event handling code, specifically in the hci_event.c source file. The HCI_EV_IO_CAPA_REQUEST event, which is part of the Bluetooth pairing process for establishing IO capabilities between devices, was not handled correctly. This event is used during the Secure Simple Pairing procedure to negotiate authentication requirements and IO capabilities between Bluetooth devices. The resolution involved correcting the handling logic for this event type in the kernel's Bluetooth subsystem. Siemens industrial networking products running SINEC OS that incorporate the affected Linux kernel versions are impacted, including select RUGGEDCOM RST2428P and SCALANCE X family devices. The vulnerability is classified with an impact of 'Misinformed' per the CISA CSAF advisory, indicating potential for information disclosure or authentication bypass in Bluetooth pairing scenarios.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for affected product versions and patch availability
- Apply vendor-provided firmware updates for SINEC OS on affected SCALANCE and RUGGEDCOM devices
- Verify Bluetooth functionality requirements and disable if not needed for operational use
- Monitor CISA ICS advisories for additional guidance on industrial control system protections
Evidence notes
Vulnerability description sourced from Linux kernel commit message indicating resolution of Bluetooth hci_event handling issue. Siemens ProductCERT advisory SSA-613116 and CISA ICSA-25-226-15 provide affected product identification. Advisory revision history shows multiple updates: initial publication (2025-08-12), product list corrections (2026-02-12), removal of rejected CVEs (2026-02-24), and republication based on Siemens advisory (2026-02-25).
Official resources
-
CVE-2024-27416 CVE record
CVE.org
-
CVE-2024-27416 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12