PatchSiren cyber security CVE debrief
CVE-2024-35960 Siemens CVE debrief
A critical vulnerability in the Linux kernel's Mellanox mlx5 (net/mlx5) driver affects Siemens industrial network devices that ship a Linux-based OS. The flaw is a failure to link newly created flow steering (fs) rules into the rule tree under certain conditions, which can corrupt driver state and crash the device (integrity and availability impact). As scored, the vulnerability is reachable over the network without authentication, which makes it particularly relevant for exposed industrial control systems.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial network devices; critical infrastructure operators; OT security teams; industrial network administrators
Technical summary
The vulnerability exists in the net/mlx5 kernel driver used by Siemens industrial network devices. The upstream Linux fix ("net/mlx5: Properly link new fs rules into the tree") describes the defect: add_rule_fg() linked a newly created rule into the tree only when its refcount was exactly 1, while create_flow_handle() prefers to find and re-reference an identical existing rule rather than allocate a new one. A rule created and then referenced a second time within the same flow handle therefore ended up with a refcount of 2 and was never linked, leaving its parent pointer NULL; when the flow group was later deleted, del_sw_hw_rule() dereferenced that NULL parent and crashed. The fix links any rule that has no parent yet instead of checking the refcount. With a CVSS 3.1 score of 9.1 (Critical), the vector as scored is network-based with low attack complexity, no privileges and no user interaction required (AV:N/AC:L/PR:N/UI:N), with high impact to integrity and availability and no confidentiality impact (C:N/I:H/A:H). Practitioners should note that the score reflects that vector rather than a published remote exploit; the underlying defect is a kernel-internal state corruption in the flow steering code.
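The linking logic described above, as a constructed C model added to this debrief rather than the kernel's own code: the function names (tree_add_node, find_flow_rule, create_flow_handle, add_rule_fg, del_sw_hw_rule) follow the upstream driver, but the structures are deliberately simplified, the two colliding destinations are made-up input, and the deletion callback reports an unlinked rule instead of dereferencing NULL. It shows why the pre-fix refcount check misses a rule that the same handle references twice, and why the fix (link whenever parent is NULL) does not.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified model of the mlx5 flow steering rule tree
 * (not the kernel's code): a flow table entry (fte) owns rule nodes,
 * each node has a parent pointer and a refcount, and tree_add_node()
 * links a node under its parent. */

#define MAX_NODES 8

struct fs_node {
    struct fs_node *parent;               /* NULL until tree_add_node() runs */
    struct fs_node *children[MAX_NODES];
    int nchildren;
    int refcount;
    int dest_id;                          /* identical destinations share one rule */
};

struct flow_handle {
    struct fs_node *rule[MAX_NODES];
    int nrules;
};

static void tree_init_node(struct fs_node *n, int dest_id)
{
    memset(n, 0, sizeof(*n));
    n->refcount = 1;
    n->dest_id = dest_id;
}

/* Model of tree_add_node(): set the parent pointer and take a reference
 * on the parent so it outlives its children. */
static void tree_add_node(struct fs_node *node, struct fs_node *parent)
{
    node->parent = parent;
    parent->refcount++;
}

/* Model of find_flow_rule(): scan the fte's child list for a rule with
 * the same destination.  New rules are on this list before they are linked. */
static struct fs_node *find_flow_rule(struct fs_node *fte, int dest_id)
{
    for (int i = 0; i < fte->nchildren; i++)
        if (fte->children[i]->dest_id == dest_id)
            return fte->children[i];
    return NULL;
}

/* Model of create_flow_handle(): reuse an identical rule (taking a
 * reference) or allocate a new one and put it on the child list at once.
 * Linking via tree_add_node() is deferred to add_rule_fg(), the split
 * that made the bug possible. */
static void create_flow_handle(struct fs_node *fte, const int *dests, int ndests,
                               struct flow_handle *h)
{
    h->nrules = 0;
    for (int i = 0; i < ndests; i++) {
        struct fs_node *rule = find_flow_rule(fte, dests[i]);
        if (rule) {
            rule->refcount++;             /* second reference to a not-yet-linked rule */
        } else {
            rule = malloc(sizeof(*rule));
            tree_init_node(rule, dests[i]);
            fte->children[fte->nchildren++] = rule;
        }
        h->rule[h->nrules++] = rule;
    }
}

/* Model of add_rule_fg().  Pre-fix: link only when refcount == 1, so a rule
 * referenced twice by the same handle is skipped.  Fixed: link any rule
 * that has no parent yet. */
static void add_rule_fg(struct fs_node *fte, struct flow_handle *h, int fixed)
{
    for (int i = 0; i < h->nrules; i++) {
        struct fs_node *rule = h->rule[i];
        int should_link = fixed ? (rule->parent == NULL) : (rule->refcount == 1);
        if (should_link)
            tree_add_node(rule, fte);
    }
}

/* Model of del_sw_hw_rule(): the real callback uses node->parent without a
 * check; here an unlinked rule is reported instead of crashing. */
static int del_sw_hw_rule(struct fs_node *rule)
{
    if (!rule->parent)
        return -1;                        /* kernel: NULL pointer dereference */
    rule->parent->refcount--;
    return 0;
}

/* Add one handle whose two destinations collide (constructed input that
 * mirrors the duplicate-id case), then delete every rule.  Returns the
 * number of rules that reached deletion without a parent. */
int run_scenario(int fixed)
{
    struct fs_node fte;
    struct flow_handle h;
    const int dests[] = { 42, 42 };       /* constructed: same destination twice */
    int unlinked = 0;

    tree_init_node(&fte, -1);
    create_flow_handle(&fte, dests, 2, &h);
    add_rule_fg(&fte, &h, fixed);

    for (int i = 0; i < fte.nchildren; i++) {
        if (del_sw_hw_rule(fte.children[i]) != 0)
            unlinked++;
        free(fte.children[i]);
    }
    fte.nchildren = 0;
    return unlinked;
}

int main(void)
{
    printf("pre-fix: %d unlinked rule(s) hit on delete\n", run_scenario(0));
    printf("fixed:   %d unlinked rule(s) hit on delete\n", run_scenario(1));
    return 0;
}
```

Build with `cc -Wall model.c && ./a.out`; the pre-fix path reports one unlinked rule (the crash case) and the fixed path reports none. A single non-colliding destination is handled correctly by both versions, which is why the defect only surfaced under the duplicate-destination condition noted in the upstream fix.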
Defensive priority
critical
Recommended defensive actions
- Apply vendor fix: Update affected Siemens SINEC OS and SCALANCE devices to V3.1 or later per Siemens ProductCERT advisory SSA-613116
- Verify device inventory against CISA ICS advisory ICSA-25-226-15 to confirm exposure
- Implement network segmentation for industrial control systems per CISA recommended practices
- Monitor for anomalous network traffic to affected mlx5-based systems
- Review and apply CISA defense-in-depth strategies for industrial control systems
Evidence notes
CISA CSAF advisory ICSA-25-226-15 documents this vulnerability in Siemens SINEC OS and related industrial network infrastructure products. The advisory was initially published 2025-08-12 and most recently updated 2026-02-25 to reflect corrections to affected product lists and removal of rejected CVEs. Siemens ProductCERT advisory SSA-613116 provides the authoritative vendor remediation guidance.
Official resources
- CVE-2024-35960 CVE record (CVE.org)
- CVE-2024-35960 NVD detail (NVD)
- Source item (cisa_csaf): CISA CSAF advisory ICSA-25-226-15
2025-08-12