PatchSiren cyber security CVE debrief
CVE-2024-35962 Siemens CVE debrief
CVE-2024-35962 is a medium-severity vulnerability (CVSS 5.5) in the Linux kernel's netfilter subsystem, affecting Siemens industrial network devices running SINEC OS. The issue involves incomplete validation of user input in netfilter, which could allow a local attacker with low privileges to cause a denial of service condition. The vulnerability was published on August 12, 2025, with subsequent modifications through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. Siemens has released firmware updates to address this vulnerability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial network infrastructure including SCALANCE XC/XR/XCM/XRM/XCH/XRH series switches and RUGGEDCOM RST2428P devices, particularly those in critical infrastructure sectors where availability of network infrastructure is essential. Security teams responsible for OT/ICS environments should prioritize firmware updates during maintenance windows.
Technical summary
CVE-2024-35962 stems from incomplete input validation within the Linux kernel's netfilter subsystem, which is used for packet filtering, network address translation, and port translation. The vulnerability allows a local attacker with low privileges to trigger a denial of service condition. The attack requires local access to the system (AV:L) with low attack complexity (AC:L) and low privileges (PR:L), but no user interaction (UI:N). The impact is limited to availability (A:H), with no effect on confidentiality (C:N) or integrity (I:N). Siemens has addressed this in SINEC OS V3.1 and later versions. The advisory history indicates that the initial publication had problems with its product scope, which were corrected in the February 2026 revisions.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to SINEC OS V3.1 or later for affected SCALANCE and RUGGEDCOM devices
- Verify current firmware versions on SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P devices
- Review local access controls to limit exposure to potential local attackers
- Monitor Siemens ProductCERT advisories for additional affected product notifications
- Implement network segmentation for industrial control systems per CISA recommended practices
Evidence notes
The vulnerability description reads 'netfilter: complete validation of user input', the title of the kernel fix, which points to an input validation weakness in the Linux kernel's netfilter framework. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms a local attack vector with low attack complexity, requiring low privileges, with high impact to availability but no confidentiality or integrity impact. The source advisory underwent multiple revisions, with the most significant update on February 25, 2026, republishing it on the basis of the Siemens ProductCERT SSA-613116 advisory.
Official resources
- CVE-2024-35962 CVE record (CVE.org)
- CVE-2024-35962 NVD detail (NVD)
- Source item URL (cisa_csaf)