PatchSiren cyber security CVE debrief
CVE-2024-38558 Siemens CVE debrief
CVE-2024-38558 is a vulnerability in the Linux kernel's Open vSwitch (OVS) networking subsystem, specifically affecting how ICMPv6 packets are handled during userspace packet execution. The flaw occurs when OVS_PACKET_CMD_EXECUTE processes packet metadata, where the connection tracking (conntrack) original tuple for ICMPv6 packets can be incorrectly overwritten. This results from improper parsing of OVS_PACKET_ATTR_KEY attributes when populating the sw_flow_key structure with conntrack state information.

The vulnerability is rated MEDIUM severity (CVSS 3.1: 5.5) with a local attack vector, requiring low privileges but no user interaction. Successful exploitation can lead to high availability impact through denial of service conditions in network virtualization environments.

Siemens has identified this vulnerability as affecting multiple industrial networking product families including RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices running SINEC OS. The vendor has provided a fix in SINEC OS V3.1 and later versions. CISA published advisory ICSA-25-226-15 on August 12, 2025, with subsequent updates through February 25, 2026, to refine affected product listings and incorporate the latest Siemens ProductCERT guidance. Organizations operating affected Siemens industrial switches should prioritize updating to SINEC OS V3.1 or later to remediate this vulnerability.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment including SCALANCE and RUGGEDCOM switch families, particularly those deployed in critical infrastructure environments with virtualized network functions. Security teams managing Open vSwitch deployments in Linux-based network virtualization stacks should also assess exposure.
Technical summary
The vulnerability exists in the Open vSwitch kernel module's handling of OVS_PACKET_CMD_EXECUTE for ICMPv6 packets. When OVS_PACKET_ATTR_KEY is parsed to populate the sw_flow_key structure with connection tracking metadata, the original conntrack tuple can be overwritten. This improper input validation (CWE-20) occurs during userspace-driven packet execution, potentially causing denial of service in network virtualization stacks. The flaw is local to the system and requires low privileges, with exploitation limited to availability impact. Affected Siemens products utilize Open vSwitch in their SINEC OS network operating system for industrial Ethernet switch management.
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens devices to SINEC OS V3.1 or a later version
- Review network segmentation for Open vSwitch deployments handling ICMPv6 traffic
- Monitor for anomalous ICMPv6 packet processing in virtualized network environments
- Apply defense-in-depth practices for industrial control systems per CISA guidance
Evidence notes
Vulnerability description derived from CISA CSAF advisory ICSA-25-226-15 and Siemens ProductCERT SSA-613116. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack vector with availability impact. Affected products confirmed through CSAF product tree: RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family. Remediation guidance specifies update to V3.1 or later per vendor_fix category in CSAF remediation data.
Official resources
- CVE-2024-38558 CVE record (CVE.org)
- CVE-2024-38558 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12