PatchSiren cyber security CVE debrief
CVE-2024-36031 Siemens CVE debrief
A critical vulnerability in the Linux kernel's key management subsystem allows unconditional overwriting of key expiration times during instantiation, causing DNS resolution failures by setting expiration to TIME64_MAX and disabling further DNS updates. The vulnerability affects Siemens industrial networking products running SINEC OS, including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The issue stems from the kernel unconditionally calling key_set_expiry during key instantiation, which defaults keys to permanent status regardless of user-space configured expiration times. This breaks DNS resolution workflows that rely on time-limited key caching with periodic updates. Siemens has released firmware updates to address this vulnerability.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure including SCALANCE XC/XR/XCM/XRM/XCH/XRH series switches and RUGGEDCOM RST2428P devices in manufacturing, energy, transportation, and critical infrastructure sectors where reliable DNS resolution is essential for operational technology networks.
Technical summary
The vulnerability exists in the Linux kernel keys subsystem where key_set_expiry is unconditionally invoked during key instantiation, overwriting any expiration time previously configured by user-space. This causes the key expiration to default to TIME64_MAX (permanent), which specifically disrupts DNS resolution mechanisms that depend on time-bounded key caching with periodic refresh cycles. The fix restores conditional logic ensuring key_set_expiry is only called when the pre-parser explicitly sets a specific expiry value. The CVSS 3.1 score of 9.8 reflects network accessibility, low attack complexity, and no required privileges, with high impacts across all three security dimensions. Affected Siemens products utilize SINEC OS firmware based on the vulnerable Linux kernel versions.
Defensive priority
critical
Recommended defensive actions
- Apply vendor firmware update to V3.1 or later version for affected Siemens SCALANCE and RUGGEDCOM devices
- Review DNS resolution configurations on affected industrial control systems to verify proper key expiration behavior after patching
- Monitor for anomalous DNS resolution patterns that may indicate exploitation attempts
- Implement network segmentation for industrial control systems to limit exposure of key management interfaces
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
Vulnerability description and affected products confirmed through CISA ICS advisory ICSA-25-226-15, which references Siemens ProductCERT advisory SSA-613116. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates network-exploitable, low-complexity attack with no privileges required, yielding high impact across confidentiality, integrity, and availability. Remediation guidance specifies update to V3.1 or later version. Advisory revision history shows multiple updates through 2026-02-25 correcting affected product lists and removing rejected CVEs.
Official resources
-
CVE-2024-36031 CVE record
CVE.org
-
CVE-2024-36031 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12