CVE-2024-36006 Siemens CVE debrief

Who should care

Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial switches in operational technology (OT) environments. Security teams responsible for industrial control system infrastructure and network administrators managing critical manufacturing or utility networks should prioritize patching.

Technical summary

The vulnerability exists in the mlxsw (Mellanox switch) driver's spectrum ACL TCAM implementation within the Linux kernel. Incorrect usage of kernel list APIs could result in memory corruption or list corruption leading to system instability. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attack vector requiring low privileges, with high availability impact but no confidentiality or integrity impact. Affected Siemens products utilize this kernel component in their SINEC OS-based industrial Ethernet switches. The fix corrects the list API usage pattern to prevent the identified instability.

Defensive priority

medium

Recommended defensive actions

• Apply vendor-provided updates to SINEC OS V3.1 or later for affected SCALANCE and RUGGEDCOM devices
• Review Siemens security advisory SSA-613116 for specific product update instructions
• Implement network segmentation for industrial control systems per CISA recommended practices
• Monitor for anomalous local access attempts on affected switch management interfaces
• Validate that no unsupported SINEC OS versions remain in production environments

Evidence notes

CVE published 2025-08-12; modified 2026-02-25. Source advisory ICSA-25-226-15 from CISA CSAF. Siemens ProductCERT SSA-613116 provides vendor remediation guidance. CVSS vector confirms local attack vector with availability impact.

Official resources