PatchSiren cyber security CVE debrief
CVE-2024-35969 Siemens CVE debrief
A race condition vulnerability exists in the Linux kernel IPv6 networking subsystem between ipv6_get_ifaddr and ipv6_del_addr. The flaw could allow a local attacker to cause a denial of service condition. The vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X family switches. Siemens has released updates to address this issue.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial Ethernet switches in manufacturing, energy, transportation, and critical infrastructure sectors should prioritize patching. Security teams managing OT networks with IPv6-enabled devices and system administrators responsible for SCALANCE and RUGGEDCOM product lines need to assess exposure and apply updates.
Technical summary
CVE-2024-35969 is a race condition vulnerability in the Linux kernel's IPv6 address handling code, specifically between the ipv6_get_ifaddr and ipv6_del_addr functions. The flaw exists in the networking subsystem and can be triggered by a local attacker with low privileges. The vulnerability results in a denial of service condition with high availability impact. Affected products include Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and RUGGEDCOM RST2428P switches running SINEC OS. The CVSS 3.1 score of 5.5 reflects the local attack vector and availability impact. Siemens has addressed this vulnerability in SINEC OS V3.1 and later versions.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to SINEC OS V3.1 or later for affected SCALANCE and RUGGEDCOM devices
- Review network segmentation for industrial control systems to limit local access
- Monitor for anomalous IPv6 traffic patterns on affected devices
- Consult Siemens ProductCERT advisory SSA-613116 for detailed patch guidance
Evidence notes
The vulnerability is described as a race condition between ipv6_get_ifaddr and ipv6_del_addr in the IPv6 implementation. CISA published advisory ICSA-25-226-15 on 2025-08-12, with subsequent updates through 2026-02-25 to correct affected product listings and remove rejected CVEs. The CVSS 3.1 vector indicates local attack vector with low attack complexity, requiring low privileges and resulting in high availability impact.
Official resources
- CVE-2024-35969 CVE record (CVE.org)
- CVE-2024-35969 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12