PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-35984 Siemens CVE debrief

A NULL function pointer dereference vulnerability exists in the I2C SMBus subsystem of the Linux kernel. This flaw can lead to a local denial-of-service condition when an attacker with low privileges triggers the dereference, resulting in system instability or crash. The vulnerability is classified as MEDIUM severity with a CVSS 3.1 score of 5.5, indicating localized impact without confidentiality or integrity compromise. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability was initially published on August 12, 2025, with subsequent advisory revisions through February 2026 to correct affected product listings and remove rejected CVE entries. CISA republished the advisory on February 25, 2026, based on updated Siemens ProductCERT guidance.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches, SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices, or RUGGEDCOM RST2428P industrial Ethernet switches in critical infrastructure, manufacturing, or process control environments. System administrators responsible for industrial control system security and network engineers managing OT/IT convergence infrastructure should prioritize firmware updates.

Technical summary

The vulnerability resides in the Linux kernel's I2C SMBus implementation, where a NULL function pointer dereference can occur. This is a classic software defect in which a function pointer is invoked without validation, leading to undefined behavior and a potential kernel panic. The attack requires local access with low privileges and no user interaction, making it exploitable by authenticated users or processes on the affected system. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reflects this: a local attack vector, low attack complexity, low privileges required, and a high availability impact with no confidentiality or integrity impact. Siemens industrial networking products that incorporate the vulnerable kernel code are exposed to this issue, which can affect the operational technology environments where these devices are deployed.
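The defect class described above, shown as an added example in user-space C. This is not Linux kernel code or Siemens code: the `bus_*` types, functions and sample adapters are hypothetical and only model an operations table whose transfer callback is optional, with the unvalidated call next to a validated one.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical bus-adapter model; names are illustrative, not kernel symbols. */
struct bus_msg { unsigned char addr; unsigned char data; };
struct bus_algo {
    /* Optional callback: a driver may legitimately leave this NULL. */
    int (*xfer)(struct bus_msg *msg);
};
struct bus_adapter { const char *name; const struct bus_algo *algo; };

/* Vulnerable pattern: assumes every adapter supplies xfer. With xfer == NULL
 * the call jumps through a NULL pointer; in kernel context that is an oops,
 * which is the availability impact the advisory scores. Never called here. */
int bus_transfer_unchecked(struct bus_adapter *adap, struct bus_msg *msg)
{
    return adap->algo->xfer(msg);
}

/* Hardened pattern: validate every pointer on the dispatch path and fail the
 * request with an error code instead of crashing. */
int bus_transfer_checked(struct bus_adapter *adap, struct bus_msg *msg)
{
    if (!adap || !adap->algo || !msg)
        return -EINVAL;
    if (!adap->algo->xfer)
        return -EOPNOTSUPP;
    return adap->algo->xfer(msg);
}

/* Constructed sample drivers: one complete, one without a transfer callback. */
static int echo_xfer(struct bus_msg *msg) { msg->data ^= 0xFF; return 1; }
static const struct bus_algo full_algo = { .xfer = echo_xfer };
static const struct bus_algo no_xfer_algo = { .xfer = NULL };
struct bus_adapter full_adapter = { "full", &full_algo };
struct bus_adapter no_xfer_adapter = { "no-xfer", &no_xfer_algo };

int main(void)
{
    struct bus_msg m = { 0x50, 0x0F };
    printf("full:    %d\n", bus_transfer_checked(&full_adapter, &m));
    printf("no-xfer: %d\n", bus_transfer_checked(&no_xfer_adapter, &m));
    return 0;
}
```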

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates to version 3.1 or later for affected SCALANCE and RUGGEDCOM devices
  • Verify current firmware version through Siemens Industry Online Support portal
  • Implement network segmentation for industrial control systems to limit local attack vector exposure
  • Monitor for anomalous system crashes or instability on affected devices
  • Review CISA ICS recommended practices for defense-in-depth strategies
  • Establish maintenance windows for firmware updates on critical infrastructure devices

Evidence notes

Vulnerability description and CVSS vector derived from CISA CSAF advisory ICSA-25-226-15. Product impact confirmed through Siemens ProductCERT SSA-613116. Advisory revision history documents corrections to affected product list and removal of rejected CVEs in February 2026 updates.

Official resources

2025-08-12