PatchSiren cyber security CVE debrief
CVE-2024-27417 Siemens CVE debrief
A vulnerability in the Linux kernel's IPv6 networking subsystem allowed a reference leak of 'struct net' in inet6_rtm_getaddr(): a RTM_GETADDR request that named a target namespace via IFA_TARGET_NETNSID but carried no IFA_ADDRESS/IFA_LOCAL attribute made the function return -EINVAL without dropping the namespace reference it had just taken. The flaw was fixed upstream; Siemens industrial networking products running SINEC OS ship the affected kernel code. A leaked namespace reference means the namespace and the resources attached to it can never be freed, so repeated triggering pins kernel memory over time rather than corrupting it. The stored threats data records Siemens' impact as 'Misinformed'; the evidence does not explain that label, and the most plausible reading is that an earlier applicability or severity assessment was revised, so confirm status against the canonical advisory rather than the label. The advisory was first published on August 12, 2025, with revisions through February 25, 2026, including corrections to the affected product list and removal of rejected CVEs.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial Ethernet switches in IPv6-enabled environments should monitor this advisory. OT security teams and network administrators responsible for critical infrastructure networking equipment should prioritize vendor guidance.
Technical summary
inet6_rtm_getaddr() services RTM_GETADDR requests arriving over rtnetlink. When a request carries IFA_TARGET_NETNSID, the function resolves that namespace ID and takes a reference on the target 'struct net'. As the upstream fix description puts it, if userspace then provides neither IFA_ADDRESS nor IFA_LOCAL, the function returned -EINVAL with the 'struct net' refcount still elevated. Every such request leaves the namespace's refcount one higher than it should be, so the namespace and everything hanging off it (devices, routes, sockets) can never be released: a slow, local resource leak, not memory corruption. The target-namespace lookup on this path is gated on CAP_NET_ADMIN over that namespace and rtnetlink is not reachable from the wire, so on a managed switch this is reachable only by an already-privileged local caller. The vulnerability was resolved upstream in the IPv6 address-handling code by routing the error through the same cleanup path the success case uses. Siemens SINEC OS, used in SCALANCE and RUGGEDCOM industrial networking products, incorporates the affected kernel code. Siemens' impact is recorded as 'Misinformed' in the advisory revisions; the stored evidence does not say what that label means, and the most plausible reading is that an initial severity or applicability assessment was revised, so treat it as a prompt to read SSA-613116 rather than as a rating. The advisory timeline shows multiple revisions: initial publication (2025-08-12), product list corrections (2026-02-12), removal of rejected CVEs (2026-02-24), and final republication (2026-02-25).
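The bug class is easier to see in a userland model than in the kernel source. The following C is an added illustration written for this debrief, not the kernel's code or anything from Siemens or the advisory: it models 'struct net' as a plain refcounted object, models the request as a struct of "which attributes are present" flags, and places the vulnerable shape (an early `return -EINVAL` after the reference was taken) beside the fixed shape (all exits after the acquisition funnel through one `errout` label). Function and field names mirror the kernel only for readability; `get_net_ns_by_id`, `getaddr_vulnerable`, `getaddr_fixed` and `leaked_refs_after` are assumptions of the model. Driving many malformed requests through each version shows the leak accumulating in one and staying at zero in the other.

```c
/* Userland model of the CVE-2024-27417 bug class (added example, not kernel code):
 * a reference acquired on one branch is never released because a later
 * validation failure returns early instead of taking the cleanup path. */
#include <errno.h>
#include <stdio.h>

/* Modelled 'struct net': only the refcount and the netnsid matter here. */
struct net {
    int refcount;
    int id;
};

/* Modelled rtnetlink request: which attributes userspace supplied.
 * has_address stands for "IFA_ADDRESS or IFA_LOCAL present". */
struct getaddr_req {
    int has_target_netnsid;   /* IFA_TARGET_NETNSID present */
    int target_netnsid;
    int has_address;
};

/* Modelled namespace table: a single namespace with netnsid 0 (constructed). */
static struct net init_net = { .refcount = 1, .id = 0 };

static struct net *get_net(struct net *net) { net->refcount++; return net; }
static void put_net(struct net *net) { net->refcount--; }

/* Modelled namespace lookup: returns NULL for an unknown id, otherwise a
 * net on which the caller now holds one reference (like the kernel helper). */
static struct net *get_net_ns_by_id(int id)
{
    if (id == init_net.id)
        return get_net(&init_net);
    return NULL;
}

/* Vulnerable shape: the missing-address check returns before put_net(). */
int getaddr_vulnerable(const struct getaddr_req *req)
{
    struct net *tgt_net = &init_net;   /* caller's own namespace, no reference taken */

    if (req->has_target_netnsid) {
        tgt_net = get_net_ns_by_id(req->target_netnsid);
        if (!tgt_net)
            return -EINVAL;            /* nothing held yet, plain return is fine */
    }
    if (!req->has_address)
        return -EINVAL;                /* BUG: reference from the lookup is never dropped */

    /* ... address lookup in tgt_net would happen here ... */
    if (req->has_target_netnsid)
        put_net(tgt_net);
    return 0;
}

/* Fixed shape: every exit after the reference exists goes through errout. */
int getaddr_fixed(const struct getaddr_req *req)
{
    struct net *tgt_net = &init_net;
    int err;

    if (req->has_target_netnsid) {
        tgt_net = get_net_ns_by_id(req->target_netnsid);
        if (!tgt_net)
            return -EINVAL;
    }
    if (!req->has_address) {
        err = -EINVAL;
        goto errout;
    }
    err = 0;                           /* ... address lookup would happen here ... */
errout:
    if (req->has_target_netnsid)
        put_net(tgt_net);
    return err;
}

/* Drive n requests (with or without an address attribute) through fn and
 * report how many namespace references were left behind. */
int leaked_refs_after(int (*fn)(const struct getaddr_req *), int n, int has_address)
{
    struct getaddr_req req = { .has_target_netnsid = 1, .target_netnsid = 0,
                               .has_address = has_address };
    init_net.refcount = 1;             /* reset so runs are independent */
    for (int i = 0; i < n; i++)
        fn(&req);
    return init_net.refcount - 1;
}

int main(void)
{
    printf("vulnerable, 100 malformed requests: %d refs leaked\n",
           leaked_refs_after(getaddr_vulnerable, 100, 0));
    printf("fixed,      100 malformed requests: %d refs leaked\n",
           leaked_refs_after(getaddr_fixed, 100, 0));
    return 0;
}
```

The point to carry back to the kernel: a leaked 'struct net' reference is invisible to the requesting process (it still gets -EINVAL) and shows up only as kernel objects that never go away, which is why the recommended "monitor memory" action below is a weak detector and patching is the real fix.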
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-613116 for current affected product status and patch availability
- Verify SINEC OS version on deployed Siemens SCALANCE and RUGGEDCOM devices
- Apply vendor-provided firmware updates when available per Siemens maintenance windows
- Monitor for anomalous memory consumption on affected IPv6-enabled network infrastructure
- Implement network segmentation to limit exposure of industrial control system devices
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. Source advisory ICSA-25-226-15 from CISA CSAF. Siemens ProductCERT SSA-613116 is the canonical vendor advisory. Impact assessed as 'Misinformed' per source threats data.
Official resources
- CVE-2024-27417 CVE record (CVE.org)
- CVE-2024-27417 NVD detail (NVD)
- Source item URL (cisa_csaf)