PatchSiren cyber security CVE debrief
CVE-2024-38596 Siemens CVE debrief
CVE-2024-38596 is a data race vulnerability in the Linux kernel's AF_UNIX socket implementation, specifically affecting the unix_release_sock and unix_stream_sendmsg functions. The vulnerability was resolved in the upstream Linux kernel. Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices. The CVSS 3.1 vector indicates a local attack vector with high attack complexity, requiring low privileges and resulting in high availability impact. Siemens has issued a vendor fix recommending update to version 3.1 or later. The CISA advisory ICSA-25-226-15 was initially published on August 12, 2025, and underwent multiple revisions through February 2026 to correct affected product listings and remove rejected CVEs.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 4.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P switches and SCALANCE XC/XR series devices. OT security teams responsible for patch management in manufacturing, energy, and critical infrastructure environments. System integrators deploying SINEC OS-based industrial Ethernet solutions.
Technical summary
This vulnerability involves data races between unix_release_sock and unix_stream_sendmsg in the Linux kernel's AF_UNIX socket implementation. Data races occur when multiple threads access shared memory concurrently without proper synchronization, potentially leading to undefined behavior. In this context, the race condition could result in system instability or denial of service. The vulnerability requires local access and high attack complexity, limiting exploitation to authenticated users with existing system access. The fix involves proper synchronization primitives to prevent concurrent access to shared socket state during release and message send operations.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided update to SINEC OS version 3.1 or later for affected Siemens industrial networking products
- Review CISA ICS recommended practices for defense-in-depth strategies applicable to industrial control systems
- Monitor Siemens ProductCERT advisory SSA-613116 for additional product-specific guidance
- Assess network segmentation to limit local access to affected industrial devices where patching is delayed
Evidence notes
The vulnerability description is sourced from the Linux kernel commit message resolving the data race. Siemens ProductCERT advisory SSA-613116 provides the vendor-specific impact assessment and remediation guidance. CISA's CSAF advisory ICSA-25-226-15 serves as the government advisory source, with revision history showing iterative corrections to product scope. The CVSS vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H confirms local attack requirements with availability impact only.
Official resources
-
CVE-2024-38596 CVE record
CVE.org
-
CVE-2024-38596 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12