PatchSiren cyber security CVE debrief
CVE-2024-36889 Siemens CVE debrief
A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation could allow improper initialization of sequence numbers during early fallback to TCP, potentially leading to memory corruption or denial of service conditions. The issue stems from uninitialized snd_nxt and write_seq values when MPTCP falls back to TCP on client sockets before proper initialization. This affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The vulnerability was resolved by ensuring snd_nxt and write_seq are properly initialized at connect time. Siemens has released updates to address this issue in affected products.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- NONE
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-08-12
- Original CVE updated
- 2026-02-25
- Advisory published
- 2025-08-12
- Advisory updated
- 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those using RUGGEDCOM RST2428P or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices in industrial control system environments. System administrators responsible for maintaining firmware and kernel versions on industrial network equipment should prioritize this update.
Technical summary
This vulnerability exists in the Linux kernel's Multipath TCP (MPTCP) protocol implementation. When MPTCP falls back to TCP early on a client socket, the snd_nxt (send next) sequence number was not properly initialized. Any incoming ACK would copy this uninitialized value into snd_una (send unacknowledged). If the MPTCP worker subsequently attempted MPTCP-level re-injection after such an ACK, it would trigger send buffer cleanup using corrupted snd_una values, potentially causing memory corruption or system instability. The fix ensures snd_nxt and write_seq are initialized at connect time, preventing use of uninitialized values during fallback scenarios. This affects Siemens industrial networking products including RUGGEDCOM RST2428P and SCALANCE X-family switches running SINEC OS.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided updates to V3.1 or later for affected Siemens SCALANCE and RUGGEDCOM products per vendor guidance
- Review network segmentation for industrial control systems to limit exposure of affected devices
- Monitor for anomalous network behavior or unexpected worker process activity on affected systems
- Consult Siemens ProductCERT advisory SSA-613116 for detailed product-specific remediation guidance
- Follow CISA ICS recommended practices for defense-in-depth strategies for industrial control systems
Evidence notes
The vulnerability description indicates this was a kernel-level issue in MPTCP protocol handling, with a fix implemented to initialize sequence numbers at connect time. The source advisory (ICSA-25-226-15) from CISA, based on Siemens ProductCERT advisory SSA-613116, identifies affected Siemens industrial networking products. The advisory was initially published 2025-08-12 and most recently updated 2026-02-25. CVSS vector indicates network attack vector with high attack complexity, requiring no privileges but user interaction, with no impact to confidentiality, integrity, or availability in the base score—though the technical description suggests potential for memory corruption issues.
Official resources
-
CVE-2024-36889 CVE record
CVE.org
-
CVE-2024-36889 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12