PatchSiren cyber security CVE debrief
CVE-2024-35958 Siemens CVE debrief
CVE-2024-35958 is a vulnerability in the Amazon Elastic Network Adapter (ENA) driver for Linux, specifically affecting the net: ena subsystem. The issue involves incorrect descriptor free behavior that can lead to memory corruption or system instability. The vulnerability has been assigned a CVSS 3.1 score of 5.5 (MEDIUM severity) with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a local attack vector with low attack complexity, low privileges required, and high availability impact. Siemens has identified this vulnerability as affecting certain industrial networking products, specifically the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS. The vulnerability was initially published on August 12, 2025, with subsequent modifications through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. Siemens has provided a vendor fix requiring update to SINEC OS version 3.1 or later.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches, RUGGEDCOM RST2428P devices, or other SINEC OS-based industrial networking equipment should prioritize this patch. System administrators managing OT/ICS environments with these devices, security teams responsible for industrial network infrastructure, and compliance officers tracking CVE remediation for critical infrastructure should monitor this advisory.
Technical summary
The vulnerability exists in the Amazon ENA (Elastic Network Adapter) driver's descriptor management code within the Linux kernel networking subsystem. The incorrect descriptor free behavior can result in use-after-free conditions or memory corruption when handling network buffer descriptors. This affects Siemens industrial networking products that utilize the ENA driver in their SINEC OS firmware. The local attack vector requires authenticated access with low privileges, making this primarily a concern for multi-user systems or compromised endpoint scenarios. The high availability impact indicates successful exploitation can cause denial of service through system crashes or network interface failure.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided update to SINEC OS V3.1 or later version for affected Siemens industrial networking products
- Review and implement CISA ICS recommended practices for industrial control system security
- Monitor Siemens ProductCERT security advisories for additional updates to SSA-613116
- Assess network segmentation for affected SCALANCE and RUGGEDCOM devices to limit local attack vector exposure
- Verify firmware version on affected devices and prioritize patching for critical infrastructure deployments
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-15. CVSS vector confirms local attack vector with availability impact. Siemens ProductCERT advisory SSA-613116 provides remediation guidance. CWE-416 (Use After Free) classification referenced in source materials.
Official resources
-
CVE-2024-35958 CVE record
CVE.org
-
CVE-2024-35958 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12