PatchSiren cyber security CVE debrief
CVE-2024-38381 Siemens CVE debrief
A use-of-uninitialized-value vulnerability exists in the Linux kernel's NFC (Near Field Communication) NCI (NFC Controller Interface) subsystem. The nci_rx_work() function processes received packets from ndev->rx_q without properly validating header size, payload size, and total packet size before processing. An attacker with local access could trigger this flaw to cause a denial of service condition. The vulnerability was reported by syzbot and affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. Siemens has addressed this in SINEC OS V3.1 and later versions. The CVSS 3.1 score of 5.5 (MEDIUM) reflects local attack vector, low attack complexity, and low privileges required, with high availability impact but no confidentiality or integrity impact. CISA published advisory ICSA-25-226-15 on August 12, 2025, with subsequent updates through February 25, 2026 to correct affected product listings and incorporate Siemens ProductCERT guidance.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure, including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. ICS/OT security teams responsible for patch management in manufacturing, energy, transportation, and critical infrastructure sectors where these switches are deployed. System administrators managing SINEC OS-based network infrastructure should prioritize verifying the current version and planning the update to V3.1 or later.
Technical summary
The vulnerability exists in nci_rx_work() within the Linux kernel's NFC NCI driver. The function parses packets from ndev->rx_q without validating header size, payload size, and total packet size. Missing validation allows processing of malformed packets with uninitialized values, leading to potential system instability or denial of service. The fix implements silent discarding of invalid packets upon detection. This kernel-level flaw propagates to Siemens industrial networking products utilizing SINEC OS, which incorporates the affected kernel components.
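The three checks described above, shown as an added user-space illustration (not the kernel's or Siemens' code). The names `rx_frame`, `check_frame` and `drain_queue`, the sample frames, and the choice to reject a zero-length payload are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE 3u /* NCI control and data headers are both 3 octets */

enum verdict { FRAME_OK, SHORT_HDR, EMPTY_PAYLOAD, TRUNCATED };
struct rx_frame { const uint8_t *data; size_t len; }; /* stand-in for a queued buffer */

/* Validate header size, declared payload size and total size before use. */
enum verdict check_frame(const struct rx_frame *f)
{
    if (f->len < HDR_SIZE)
        return SHORT_HDR;        /* the length octet itself may be missing */
    size_t plen = f->data[2];    /* safe to read: full header is present */
    if (plen == 0)
        return EMPTY_PAYLOAD;    /* assumption: empty payloads are rejected */
    if (f->len < HDR_SIZE + plen)
        return TRUNCATED;        /* header declares more bytes than arrived */
    return FRAME_OK;
}

/* Drain the queue: drop invalid frames silently, count valid ones by MT. */
size_t drain_queue(const struct rx_frame *q, size_t n, size_t by_mt[8])
{
    size_t dropped = 0;
    for (size_t i = 0; i < n; i++) {
        if (check_frame(&q[i]) != FRAME_OK) { dropped++; continue; }
        by_mt[q[i].data[0] >> 5]++; /* MT = top three bits of octet 0 */
    }
    return dropped;
}

/* Constructed sample frames, not captured traffic. */
static const uint8_t ok_rsp[] = { 0x40, 0x00, 0x02, 0x00, 0x10 };
static const uint8_t one_byte[] = { 0x60 };
static const uint8_t no_payload[] = { 0x40, 0x01, 0x00 };
static const uint8_t truncated[] = { 0x00, 0x00, 0x05, 0xaa };
const struct rx_frame sample_q[4] = {
    { ok_rsp, sizeof ok_rsp }, { one_byte, sizeof one_byte },
    { no_payload, sizeof no_payload }, { truncated, sizeof truncated },
};

int main(void)
{
    size_t by_mt[8] = { 0 };
    size_t dropped = drain_queue(sample_q, 4, by_mt);
    printf("dropped=%zu responses=%zu\n", dropped, by_mt[2]);
    return 0;
}
```

Without the first check, reading the length octet of the one-byte frame would touch memory the sender never filled, which is the class of bug the summary describes.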
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens SINEC OS devices to version 3.1 or later per vendor guidance
- Review network segmentation for industrial control systems to limit local access attack vectors
- Apply defense-in-depth strategies for ICS environments per CISA recommended practices
- Monitor for anomalous NFC-related activity on affected systems if NFC functionality is enabled
- Verify patch deployment across RUGGEDCOM RST2428P and SCALANCE X-family switch deployments
Evidence notes
Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-15, which references Siemens ProductCERT advisory SSA-613116. The issue was originally identified by syzbot in the Linux kernel NFC NCI subsystem. Siemens remediation guidance specifies update to V3.1 or later. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack scope with availability impact only.
Official resources
- CVE-2024-38381 CVE record (CVE.org)
- CVE-2024-38381 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12