PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-36286 Siemens CVE debrief

A vulnerability in the Linux kernel's netfilter nfnetlink_queue subsystem has been resolved. The issue involved a missing RCU read lock in the instance_destroy_rcu() function, which could lead to use-after-free conditions or race conditions during cleanup operations. This affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability requires local access with low privileges to exploit, and successful exploitation results in high availability impact (denial of service). Siemens has released firmware updates to address this issue.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE X-family devices (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families). Critical infrastructure operators, manufacturing facilities, and utility providers using these devices in industrial control system environments should prioritize patching.

Technical summary

The vulnerability exists in the Linux kernel's netfilter nfnetlink_queue implementation. The instance_destroy_rcu() function did not take the RCU read lock. RCU (Read-Copy-Update) is a synchronization mechanism the Linux kernel uses for lockless access to shared data structures. Without this lock, concurrent operations could access freed memory or encounter race conditions during instance destruction, leading to system instability or denial of service. The fix acquires rcu_read_lock() before performing operations in the RCU callback context. The vulnerability is exploitable only locally and requires low privileges; it has no confidentiality or integrity impact, but high availability impact due to potential kernel crashes or hangs.
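The locking pattern described above, as an added userspace model that is not kernel code and not taken from the advisory: it shows why a deferred destroy callback has to take the read lock itself instead of relying on its caller. All `model_*` and `destroy_cb_*` names, the nesting counter and the flush path are assumptions made for the illustration.

```c
/* Userspace model, not kernel code: a counter stands in for RCU read-side nesting. */
static int rcu_depth;       /* > 0 means "inside a read-side critical section" */
static int rcu_violations;  /* accesses made outside one */

static void model_rcu_read_lock(void)   { rcu_depth++; }
static void model_rcu_read_unlock(void) { rcu_depth--; }

struct model_instance { int queued; };  /* hypothetical queue instance */
typedef void (*model_cb)(struct model_instance *);

/* Flush path (assumed for the model): every dropped entry touches RCU-protected state. */
static void model_flush(struct model_instance *inst)
{
    while (inst->queued > 0) {
        if (rcu_depth == 0)
            rcu_violations++;  /* a kernel with RCU debugging reports suspicious usage */
        inst->queued--;
    }
}

/* "Before": the deferred destroy callback flushes without the read lock. */
static void destroy_cb_unpatched(struct model_instance *inst) { model_flush(inst); }

/* "After": same callback, with the flush bracketed by the read lock. */
static void destroy_cb_patched(struct model_instance *inst)
{
    model_rcu_read_lock();
    model_flush(inst);
    model_rcu_read_unlock();
}

/* Models deferred destruction: any read-side section the caller held has ended
 * by the time the callback runs, so the callback inherits no protection. */
static int model_destroy(struct model_instance *inst, model_cb cb)
{
    rcu_violations = 0;
    model_rcu_read_lock();    /* caller's own read-side section */
    model_rcu_read_unlock();  /* readers drain; the grace period elapses */
    cb(inst);                 /* callback context: rcu_depth is 0 on entry */
    return rcu_violations;
}

int main(void)
{
    struct model_instance a = { 3 }, b = { 3 };
    int before = model_destroy(&a, destroy_cb_unpatched);  /* 3 violations */
    int after  = model_destroy(&b, destroy_cb_patched);    /* 0 violations */
    return (before == 3 && after == 0) ? 0 : 1;
}
```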

Defensive priority

medium

Recommended defensive actions

  • Apply vendor firmware updates to V3.1 or later for affected SCALANCE and RUGGEDCOM devices per Siemens ProductCERT guidance
  • Review network segmentation for industrial control systems to limit local access vectors
  • Monitor for anomalous local process activity on affected devices
  • Implement defense-in-depth strategies for industrial control system environments
  • Consult Siemens support resources for detailed update procedures for specific product models

Evidence notes

The vulnerability description indicates a kernel-level fix in netfilter: nfnetlink_queue, specifically adding rcu_read_lock() to instance_destroy_rcu(). The CVSS vector confirms local attack vector with low attack complexity and low privileges required. Siemens ProductCERT advisory SSA-613116 provides the authoritative remediation guidance. CISA advisory ICSA-25-226-15 republishes this information for industrial control systems stakeholders.

Official resources

2025-08-12