PatchSiren cyber security CVE debrief
CVE-2024-35955 Siemens CVE debrief
A use-after-free vulnerability in the Linux kernel's kprobes subsystem affects Siemens industrial networking products running SINEC OS. The flaw occurs during kprobe registration and could allow an attacker with local privileges to achieve code execution. Siemens has released updates to address this issue in affected SCALANCE and RUGGEDCOM devices.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches, RUGGEDCOM RST2428P devices, or other SINEC OS-based industrial networking equipment should prioritize this update. Critical infrastructure operators in manufacturing, energy, and transportation sectors relying on these devices for network segmentation and industrial communications are particularly affected.
Technical summary
CVE-2024-35955 is a use-after-free vulnerability in the Linux kernel's kprobes subsystem, specifically affecting kprobe registration. The flaw exists in code paths where kprobe structures may be accessed after being freed during registration operations. Siemens has identified this vulnerability as affecting SINEC OS, the operating system powering SCALANCE industrial Ethernet switches and RUGGEDCOM devices. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a network attack vector with low attack complexity, requiring low privileges but no user interaction, with high impact to confidentiality, integrity, and availability. Siemens released firmware version 3.1 to remediate this vulnerability in affected product families. The CISA advisory revision history shows ongoing refinement of the affected product list, with corrections issued in February 2026 to accurately reflect impacted and non-impacted devices.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.1 or later for affected SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices
- Review Siemens ProductCERT advisory SSA-613116 for detailed patch availability and installation guidance
- Implement network segmentation for industrial control systems per CISA ICS recommended practices
- Monitor for anomalous privileged access attempts on affected devices pending patching
- Validate that RUGGEDCOM RST2428P deployments follow vendor hardening guidance
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-15. Advisory modified 2026-02-25 with republication based on Siemens ProductCERT SSA-613116. CVSS 8.8 (HIGH) per source. CWE-416 (Use After Free) identified. Not listed in CISA KEV.
Official resources
- CVE-2024-35955 CVE record (CVE.org)
- CVE-2024-35955 NVD detail (NVD)
- Source item URL: cisa_csaf
2025-08-12