PatchSiren cyber security CVE debrief
CVE-2024-35947 Siemens CVE debrief
CVE-2024-35947 is a medium-severity vulnerability in the Linux kernel's dynamic debug (dyndbg) subsystem, specifically within the >control parser. The issue stems from a BUG_ON assertion dating to 2009 that could trigger under certain parsing conditions, potentially causing a kernel panic and resulting in denial of service. The vulnerability was resolved by replacing the BUG_ON with proper error handling (pr_err and return -EINVAL). Siemens has identified this vulnerability as affecting multiple industrial network infrastructure products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low attack complexity, requiring low privileges but no user interaction, resulting in high availability impact. A vendor fix is available requiring update to SINEC OS V3.1 or later.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial network infrastructure including RUGGEDCOM RST2428P switches and SCALANCE X-family devices (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families). OT security teams, industrial network administrators, and asset owners in critical infrastructure sectors using affected devices should prioritize firmware updates. The local attack vector suggests insider threat or compromised management access as primary risk scenarios.
Technical summary
The vulnerability exists in the Linux kernel's dynamic debug (dyndbg) facility, specifically in the >control parser that processes debug control commands. A BUG_ON macro from 2009, intended to catch impossible conditions, could be triggered through crafted input, causing an immediate kernel panic. The fix replaces this fatal assertion with proper error handling: logging an error message and returning -EINVAL to the caller. This is a local vulnerability requiring low privileges but can cause complete system availability loss. Affected Siemens products use SINEC OS based on the Linux kernel and are deployed in industrial network infrastructure roles.
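The fix pattern described above, as an added userspace illustration (not the kernel's dyndbg source and not Siemens code): a whitespace tokenizer whose "impossible" zero-length-word check logs and returns -EINVAL instead of asserting. The names check_word, tokenize and MAXWORDS, and the message strings, are assumptions made for this sketch.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>

#define MAXWORDS 8 /* assumed limit for this sketch */
/* Invariant check: where an assertion would halt the system, log the
 * problem and return an error code the caller can handle. */
static int check_word(const char *start, const char *end, int nwords)
{
    if (end == start) { /* zero-length word: the "impossible" case */
        fprintf(stderr, "parse err after word:%d\n", nwords);
        return -EINVAL;
    }
    return 0;
}

/* Split buf in place; returns the word count or -EINVAL on bad input. */
static int tokenize(char *buf, char *words[], int maxwords)
{
    int nwords = 0;
    while (*buf) {
        char *end;
        while (isspace((unsigned char)*buf))
            buf++;
        if (!*buf)
            break; /* trailing whitespace only */
        for (end = buf; *end && !isspace((unsigned char)*end); end++)
            ;
        if (check_word(buf, end, nwords) < 0)
            return -EINVAL;
        if (nwords == maxwords) {
            fprintf(stderr, "too many words, max %d\n", maxwords);
            return -EINVAL;
        }
        if (*end)
            *end++ = '\0'; /* terminate the word */
        words[nwords++] = buf;
        buf = end;
    }
    return nwords;
}

int main(void)
{
    char line[] = "module demo +p"; /* constructed sample input */
    char *words[MAXWORDS];
    printf("%d words\n", tokenize(line, words, MAXWORDS));
    return 0;
}
```

Because the check returns an error, a caller that receives -EINVAL can reject the one bad command and keep running, which is the availability property the fix restores.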
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware update to SINEC OS V3.1 or later for affected Siemens industrial network devices
- Review and validate local access controls to limit privileged access to device management interfaces
- Monitor for anomalous system behavior or unexpected reboots on affected infrastructure
- Consult Siemens ProductCERT advisory SSA-613116 for detailed product-specific guidance
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description indicates this was a legacy BUG_ON from 2009 in the Linux kernel dyndbg >control parser. Siemens ProductCERT advisory SSA-613116 (republished by CISA as ICSA-25-226-15) confirms affected products and remediation. The CVSS vector confirms local attack scope with availability impact. Timeline shows initial publication 2025-08-12 with subsequent revisions through 2026-02-25 correcting affected product lists and removing rejected CVEs.
Official resources
- CVE-2024-35947 CVE record (CVE.org)
- CVE-2024-35947 NVD detail (NVD)
- Source item URL (cisa_csaf)