PatchSiren cyber security CVE debrief
CVE-2024-36957 Siemens CVE debrief
CVE-2024-36957 is an off-by-one read vulnerability in the Linux kernel's octeontx2-af driver. The driver calls `memdup_user(buffer, count + 1)`, which copies `count + 1` bytes from userspace, while userspace only provides a buffer of `count` bytes. This results in reading one byte beyond the verified userspace buffer boundary. The vulnerability was resolved by replacing `memdup_user` with `memdup_user_nul`, which properly handles NUL termination without over-reading. The issue affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. Siemens has issued a vendor fix requiring an update to version 3.1 or later. The CVSS 3.1 vector indicates a network attack vector with high attack complexity, requiring no privileges and user interaction, with no impact to confidentiality, integrity, or availability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: NONE
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family industrial networking devices, particularly those in critical infrastructure and operational technology environments where SINEC OS is deployed.
Technical summary
The octeontx2-af driver in the Linux kernel contained an off-by-one read vulnerability: it called `memdup_user(buffer, count + 1)` to duplicate a userspace buffer of only `count` bytes. This caused the kernel to attempt reading one byte beyond the verified userspace buffer boundary. The fix replaces `memdup_user` with `memdup_user_nul`, which correctly handles NUL termination while respecting the actual buffer size provided by userspace. The vulnerability affects Siemens industrial networking products using SINEC OS.
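The difference between the two calls can be seen in a small userspace model, added here as an illustration; it is not the kernel's or the driver's code. `struct ubuf`, the `sim_*` helpers and the `handler_*` functions are constructed names, and the model assumes that any read past the verified length is rejected so the extra byte becomes visible.

```c
/* Userspace model of the CVE-2024-36957 pattern, not kernel code.
 * struct ubuf and the sim_* / handler_* names are constructed here. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A userspace buffer of which only `valid` bytes were verified. */
struct ubuf { const char *data; size_t valid; };

/* Stand-in for copy_from_user(): refuses reads past the verified range. */
static int sim_copy_from_user(char *dst, const struct ubuf *src, size_t n)
{
    if (n > src->valid)
        return -1;                      /* would touch unverified memory */
    memcpy(dst, src->data, n);
    return 0;
}

/* Models memdup_user(): allocates len bytes and copies len bytes. */
static char *sim_memdup_user(const struct ubuf *src, size_t len)
{
    char *p = malloc(len);
    if (p && sim_copy_from_user(p, src, len)) { free(p); p = NULL; }
    return p;
}

/* Models memdup_user_nul(): allocates len + 1, copies len, appends NUL. */
static char *sim_memdup_user_nul(const struct ubuf *src, size_t len)
{
    char *p = malloc(len + 1);
    if (p && sim_copy_from_user(p, src, len)) { free(p); p = NULL; }
    if (p) p[len] = '\0';
    return p;
}

/* Before the fix: requests count + 1 bytes from a count-byte buffer. */
char *handler_before(const struct ubuf *u, size_t count) { return sim_memdup_user(u, count + 1); }

/* After the fix: reads exactly count bytes; the NUL is added locally. */
char *handler_after(const struct ubuf *u, size_t count) { return sim_memdup_user_nul(u, count); }

int main(void)
{
    struct ubuf u = { "abcdef", 6 };    /* constructed sample input */
    char *a = handler_before(&u, u.valid), *b = handler_after(&u, u.valid);
    printf("before: %s\nafter:  %s\n", a ? a : "(read past buffer)", b ? b : "(failed)");
    free(a); free(b);
    return 0;
}
```

In both variants the resulting kernel-side buffer is `count + 1` bytes long; the fix changes only how many bytes are read from userspace.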
Defensive priority
low
Recommended defensive actions
- Update affected Siemens SINEC OS devices to version 3.1 or later per vendor guidance
- Review network segmentation for industrial control systems to limit exposure of affected devices
- Apply defense-in-depth strategies for industrial control systems environments
- Monitor for vendor security advisories from Siemens ProductCERT for additional updates
Evidence notes
The vulnerability description is derived from the Linux kernel commit message resolving the issue, which explicitly describes the off-by-one read condition and the fix using memdup_user_nul. The affected product list and remediation guidance come from CISA ICS advisory ICSA-25-226-15, which references Siemens ProductCERT advisory SSA-613116. The CVSS vector was provided in the source CSAF data.
Official resources
- CVE-2024-36957 CVE record (CVE.org)
- CVE-2024-36957 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12