PatchSiren cyber security CVE debrief
CVE-2024-36005 Siemens CVE debrief
CVE-2024-36005 is a vulnerability in the Linux kernel's netfilter nf_tables subsystem, specifically affecting how the table dormant flag is handled during netdev release events. The flaw could allow a local attacker to cause a denial of service condition. The vulnerability has been assigned a CVSS 3.1 score of 5.5 (MEDIUM severity) with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local attack vector, low attack complexity, low privileges required, no user interaction, and high availability impact. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The vendor has provided a fix in version 3.1 or later. CISA published this advisory on August 12, 2025, with subsequent updates through February 25, 2026, including corrections to affected product listings and removal of rejected CVEs. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches and RUGGEDCOM RST2428P devices. Critical infrastructure operators, manufacturing facilities, and utility providers utilizing these devices in industrial control system environments should prioritize assessment and patching.
Technical summary
The vulnerability exists in the Linux kernel's netfilter nf_tables subsystem where the table dormant flag is not properly honored during netdev release event processing. This flaw in the kernel's network packet filtering framework can be triggered by a local attacker with low privileges, resulting in a denial of service condition. The affected code path involves improper state handling when network devices are released, potentially causing system instability or crash. Siemens industrial networking products running SINEC OS versions prior to 3.1 incorporate the vulnerable kernel component. The fix ensures proper handling of the dormant flag during netdev release events, preventing the race condition or state inconsistency that leads to the availability impact.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to SINEC OS version 3.1 or later for affected SCALANCE and RUGGEDCOM devices
- Verify device firmware versions against Siemens security advisory SSA-613116
- Implement network segmentation for industrial control systems per CISA recommended practices
- Monitor for anomalous local access attempts on affected devices
- Review and apply defense-in-depth strategies for industrial control environments
Evidence notes
Vulnerability description and CVSS scoring derived from CISA CSAF advisory ICSA-25-226-15. Affected products and remediation information confirmed through Siemens ProductCERT advisory SSA-613116. Timeline based on CISA advisory revision history showing initial publication 2025-08-12 and final republication 2026-02-25.
Official resources
-
CVE-2024-36005 CVE record
CVE.org
-
CVE-2024-36005 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12