PatchSiren cyber security CVE debrief
CVE-2024-39487 Siemens CVE debrief
CVE-2024-39487 is a medium-severity out-of-bounds read vulnerability in the Linux kernel's bonding driver, specifically in the `bond_option_arp_ip_targets_set()` function. The issue has been resolved upstream in the Linux kernel, so a patch is available. Siemens has assessed this CVE as affecting certain industrial networking products, including the RUGGEDCOM RST2428P and the SCALANCE families, although the source advisory's impact categorization for the tracked product IDs is marked as 'Misinformed'. The CVE was published on August 12, 2025, and modified through February 25, 2026, including corrections to the affected product listings and a republication of the advisory based on Siemens ProductCERT guidance. Organizations running affected Siemens industrial control systems should consult the vendor security advisories for patch availability and apply the recommended mitigations, following defense-in-depth practices for ICS environments.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens RUGGEDCOM RST2428P, SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, or SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices in industrial control system environments. Network administrators managing bonded network interfaces on Linux-based industrial equipment. Security teams responsible for OT/ICS vulnerability management and patch coordination.
Technical summary
The vulnerability exists in the Linux kernel's bonding driver within `bond_option_arp_ip_targets_set()`, where an out-of-bounds read condition could occur during ARP IP target configuration. This function handles setting IP addresses used for ARP monitoring in network bonding configurations. The out-of-bounds read suggests insufficient bounds checking when processing user-supplied ARP target parameters, potentially leading to information disclosure or denial of service conditions. The fix was committed to the Linux kernel upstream. Siemens industrial networking products incorporating affected kernel versions are impacted, with vendor security advisories providing product-specific remediation guidance.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific impact and patch guidance
- Verify kernel version on affected Siemens RUGGEDCOM and SCALANCE devices against vendor security bulletins
- Apply vendor-provided firmware updates when available, prioritizing internet-facing or critical infrastructure deployments
- Implement network segmentation for industrial control systems per CISA ICS recommended practices
- Monitor for anomalous network behavior on bonded interface configurations pending patch application
Evidence notes
The source CISA CSAF advisory (ICSA-25-226-07) tracks this CVE with the threat category 'impact' marked as 'Misinformed' for product IDs CSAFPID-0006, CSAFPID-0002, and CSAFPID-0003. The advisory underwent four revision cycles, the most significant being the 2026-02-25 update, which republished it based on Siemens ProductCERT SSA-355557. The Linux kernel fix description indicates resolution of an out-of-bounds read condition in the bonding driver's ARP target configuration.
Official resources
- CVE-2024-39487 CVE record (CVE.org)
- CVE-2024-39487 NVD detail (NVD)
- Source item URL (cisa_csaf)
2025-08-12