PatchSiren cyber security CVE debrief
CVE-2024-35973 Siemens CVE debrief
CVE-2024-35973 is a medium-severity vulnerability (CVSS 5.5) affecting the GENEVE tunneling implementation in the Linux kernel, specifically in the `geneve_xmit_skb` function. The issue involves improper header validation that could lead to a denial-of-service condition. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability requires local access with low privileges to exploit, and successful exploitation results in high availability impact with no confidentiality or integrity impact. Siemens has released updates to address this issue, recommending affected users upgrade to SINEC OS V3.1 or later.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches, SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, and RUGGEDCOM RST2428P switches. This particularly affects OT/ICS environments utilizing GENEVE tunneling for network virtualization, cloud infrastructure providers using GENEVE in their underlying Linux kernel implementations, and security teams responsible for maintaining availability of critical industrial control system networks.
Technical summary
The vulnerability exists in the GENEVE (Generic Network Virtualization Encapsulation) implementation within the Linux kernel's `geneve_xmit_skb` function. GENEVE is a tunneling protocol used for network virtualization, commonly deployed in cloud and data center environments. The flaw involves insufficient validation of GENEVE packet headers during transmission, which can be triggered by a local attacker with low privileges. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low attack complexity, requiring low privileges and no user interaction, resulting in high availability impact. Siemens has confirmed this affects SINEC OS versions prior to 3.1 on specific industrial networking hardware. The remediation requires updating to SINEC OS V3.1 or later, which contains the corrected header validation logic.
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens SINEC OS devices to version 3.1 or later to remediate this vulnerability
- Review network segmentation for industrial control systems to limit exposure of GENEVE tunnel endpoints
- Apply defense-in-depth strategies per CISA ICS recommended practices for industrial control systems
- Monitor for anomalous local access attempts on affected SCALANCE and RUGGEDCOM devices
- Verify that only authorized personnel have local access to devices running SINEC OS
Evidence notes
CVE published 2025-08-12; modified 2026-02-25. Source advisory ICSA-25-226-15 from CISA CSAF. Vendor fix available requiring update to V3.1 or later. CVSS vector confirms local attack vector with low attack complexity and low privileges required.
Official resources
- CVE-2024-35973 CVE record (CVE.org)
- CVE-2024-35973 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12