PatchSiren cyber security CVE debrief
CVE-2024-35983 Siemens CVE debrief
CVE-2024-35983 is a Linux kernel bug in the build-time bounds calculation for CONFIG_NR_CPUS that is carried into Siemens industrial network devices running SINEC OS. When CONFIG_NR_CPUS is a power of two, the kernel's bits_per() helper returns one bit more than a CPU number actually needs, and the resulting miscalculation can lead to out-of-bounds access and crashes. The flaw is local: it requires a low-privileged account on the device and no user interaction, and its impact is limited to availability (denial of service). The kernel CVE was published in April 2024; the CISA advisory covering the SCALANCE and RUGGEDCOM families running SINEC OS followed in August 2025. Siemens has released SINEC OS updates that address it.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial network infrastructure, including manufacturing facilities, critical infrastructure operators and industrial automation environments that use SCALANCE switches or RUGGEDCOM devices. Security teams responsible for OT/ICS asset management and patch coordination should schedule this update: exploitation needs an authenticated local account on the switch, so the exposure is driven by who can log in to the device rather than by network reachability alone.
Technical summary
The vulnerability stems from how the kernel derives NR_CPUS_BITS, the number of bits reserved for a CPU number, from CONFIG_NR_CPUS at build time. The original code used bits_per(), which returns the number of bits needed to store the value n itself (floor(log2 n) + 1); when CONFIG_NR_CPUS is a power of two this is one bit more than is needed to index CPUs 0..NR_CPUS-1 (for NR_CPUS=64 it yields 7 bits instead of 6). The upstream fix switched to order_base_2(), which returns ceil(log2 n). The CVE record states that the over-wide field causes crashes on some machines and configurations, which is the out-of-bounds condition behind the availability impact. The flaw is exploitable locally with low privileges and requires no user interaction; successful exploitation yields a denial of service (availability impact) with no confidentiality or integrity effect. The vulnerability affects Siemens industrial networking products running SINEC OS, specifically the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, the SCALANCE XCM-/XRM-/XCH-/XRH-300 family, and the RUGGEDCOM RST2428P switch. Siemens has addressed it in SINEC OS V3.1 and later versions.
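To make the off-by-one concrete, the following is an added user-space model of the two kernel helpers whose difference is the root cause. It is example code written for this debrief, not kernel code and not from the Siemens or CISA advisories; the `_model` functions are stand-ins for the kernel's bits_per() and order_base_2(), and the list of CONFIG_NR_CPUS values is constructed for illustration.

```c
#include <stdio.h>

/* Added example, not kernel code: user-space models of the two helpers
 * from the kernel's include/linux/log2.h whose difference is the bug.
 * The _model suffix marks them as stand-ins, not the kernel's own code. */

/* floor(log2(n)) for n > 0, the role played by the kernel's ilog2(). */
static unsigned int ilog2_model(unsigned long n)
{
    unsigned int r = 0;
    while (n >>= 1)
        r++;
    return r;
}

/* bits_per(n): bits needed to store the VALUE n, i.e. floor(log2 n) + 1.
 * This is what NR_CPUS_BITS was computed with before the fix. */
unsigned int bits_per_model(unsigned long n)
{
    return ilog2_model(n) + 1;
}

/* order_base_2(n): bits needed to INDEX n items (0 .. n-1), i.e.
 * ceil(log2 n). This is what the upstream fix switched NR_CPUS_BITS to. */
unsigned int order_base_2_model(unsigned long n)
{
    return n > 1 ? ilog2_model(n - 1) + 1 : 0;
}

/* Surplus bits the pre-fix formula reserves for a given CONFIG_NR_CPUS.
 * Zero for most values; exactly 1 whenever NR_CPUS is a power of two. */
unsigned int surplus_bits(unsigned long nr_cpus)
{
    return bits_per_model(nr_cpus) - order_base_2_model(nr_cpus);
}

int main(void)
{
    /* Constructed sample configs: a mix of power-of-two and other values. */
    const unsigned long configs[] = { 2, 3, 4, 8, 64, 100, 128, 256, 512, 4096 };
    size_t i;

    printf("%8s %9s %13s %8s\n", "NR_CPUS", "bits_per", "order_base_2", "surplus");
    for (i = 0; i < sizeof configs / sizeof configs[0]; i++)
        printf("%8lu %9u %13u %8u\n", configs[i],
               bits_per_model(configs[i]), order_base_2_model(configs[i]),
               surplus_bits(configs[i]));
    return 0;
}
```

Every power-of-two row shows a surplus of one bit; the others show zero, which is why the bug only surfaces on kernels built with a power-of-two CONFIG_NR_CPUS. On a general-purpose Linux host where the build config is available (typically /boot/config-$(uname -r) or /proc/config.gz), the CONFIG_NR_CPUS line tells you whether that build hits the affected case; on the Siemens appliances the only actionable check is the SINEC OS version itself.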
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to SINEC OS V3.1 or later for affected SCALANCE and RUGGEDCOM devices
- Verify current firmware versions on industrial network infrastructure against Siemens security advisory SSA-613116
- Implement network segmentation for industrial control systems per CISA recommended practices
- Until the update is deployed, monitor management logins on affected devices (SSH, console and web sessions) for unexpected local accounts or sessions, since exploitation requires an authenticated local user on the device
- Review and update asset inventories to identify systems running vulnerable SINEC OS versions
Evidence notes
The vulnerability description indicates a bounds-checking issue in the Linux kernel's handling of the CPU count configuration (CONFIG_NR_CPUS). The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms a local attack vector, low attack complexity, low privileges required and no user interaction, with high availability impact only. CISA's advisory (ICSA-25-226-15) was initially published 2025-08-12 and subsequently revised multiple times through 2026-02-25 to correct affected product listings and remove rejected CVEs. The source advisory lists specific product families: RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, and SCALANCE XCM-/XRM-/XCH-/XRH-300 family. Remediation guidance specifies updating to SINEC OS V3.1 or later.
Official resources
- CVE-2024-35983 CVE record (CVE.org)
- CVE-2024-35983 NVD detail (NVD)
- Source item: CISA CSAF advisory ICSA-25-226-15, published 2025-08-12