PatchSiren cyber security CVE debrief
CVE-2024-38589 Siemens CVE debrief
A local privilege escalation vulnerability exists in the Linux kernel's NET/ROM amateur radio networking protocol implementation. The flaw involves a potential deadlock condition in the nr_rt_ioctl() function due to improper lock ordering between nr_node_list_lock and nr_node_lock. An attacker with local access could exploit this race condition to cause a denial of service through system deadlock. The vulnerability was discovered by syzbot automated fuzzing. Siemens has confirmed this affects certain industrial networking products running SINEC OS, including RUGGEDCOM RST2428P and SCALANCE X-family switches. The CVSS 3.1 score of 5.5 (MEDIUM) reflects local attack vector, low attack complexity, and high availability impact. No confidentiality or integrity impacts are associated with this flaw.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking equipment including RUGGEDCOM RST2428P switches and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family switches. Critical infrastructure operators, manufacturing facilities, and utility providers utilizing these devices in operational technology (OT) environments should prioritize assessment and remediation.
Technical summary
The vulnerability exists in the nr_rt_ioctl() function within the Linux kernel's NET/ROM (Network/ROM) amateur radio networking protocol implementation. The flaw represents a classic lock ordering violation: the code fails to consistently acquire nr_node_list_lock before nr_node_lock(nr_node), creating a potential deadlock scenario when concurrent operations occur. This is a local vulnerability requiring low privileges to exploit, with successful exploitation resulting in system deadlock and denial of service. The fix ensures proper lock ordering by always acquiring nr_node_list_lock before nr_node_lock. Affected Siemens products incorporate this vulnerable kernel component in their SINEC OS firmware, specifically impacting RUGGEDCOM RST2428P and multiple SCALANCE X-family switch models used in industrial network infrastructure.
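The lock-ordering rule described above can be checked mechanically. The following is an added example, not kernel code or the upstream fix: a small user-space model of a pairwise lock-order validator. Only the two lock names come from this page; the validator, its function names, and the two modeled code paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Lock classes named after the two locks in the advisory text. */
enum lock_class { NR_NODE_LIST_LOCK, NR_NODE_LOCK, NLOCKS };
static const char *lock_name[NLOCKS] = { "nr_node_list_lock", "nr_node_lock" };

/* order[a][b] is set once any path has taken b while already holding a. */
struct validator { int order[NLOCKS][NLOCKS]; int held[NLOCKS]; int inversions; };

/* Record an acquisition; flag it if the opposite order was seen earlier. */
static void v_acquire(struct validator *v, enum lock_class want)
{
    for (int h = 0; h < NLOCKS; h++) {
        if (!v->held[h] || h == (int)want)
            continue;
        if (v->order[want][h]) {
            v->inversions++;
            printf("inversion: %s -> %s, but earlier path took %s -> %s\n",
                   lock_name[h], lock_name[want], lock_name[want], lock_name[h]);
        }
        v->order[h][want] = 1;
    }
    v->held[want] = 1;
}

/* Constructed code path: take two locks in the given order, then drop both. */
static void run_path(struct validator *v, enum lock_class first, enum lock_class second)
{
    v_acquire(v, first);
    v_acquire(v, second);
    v->held[second] = v->held[first] = 0;
}

/* Returns the number of order inversions observed across two modeled paths. */
int check_paths(int consistent)
{
    struct validator v;
    memset(&v, 0, sizeof(v));
    run_path(&v, NR_NODE_LIST_LOCK, NR_NODE_LOCK);   /* list lock, then node lock */
    if (consistent)
        run_path(&v, NR_NODE_LIST_LOCK, NR_NODE_LOCK);
    else
        run_path(&v, NR_NODE_LOCK, NR_NODE_LIST_LOCK); /* opposite order */
    return v.inversions;
}

int main(void)
{
    printf("inconsistent ordering: %d inversion(s)\n", check_paths(0));
    printf("consistent ordering:   %d inversion(s)\n", check_paths(1));
}
```

The model runs single-threaded, so it reports the conflicting order without ever blocking; two real threads taking the locks in opposite orders at the same time is what produces the deadlock.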
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.1 or later for affected SCALANCE and RUGGEDCOM products per Siemens ProductCERT guidance
- For systems where immediate patching is not feasible, restrict local access to authorized administrators only
- Monitor system logs for unexpected NET/ROM protocol activity or system hangs that may indicate exploitation attempts
- Review and implement CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
- Validate that security controls prevent unauthorized local access to affected devices, as the vulnerability requires local privileges to exploit
Evidence notes
CVE published 2025-08-12 per the official CVE record. CISA ICS advisory ICSA-25-226-15 was published on the same date. Siemens ProductCERT advisory SSA-613116 provides vendor confirmation and remediation guidance. The advisory was modified on 2026-02-25 and republished based on updated Siemens guidance.
Official resources
- CVE-2024-38589 CVE record (CVE.org)
- CVE-2024-38589 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12