PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-39489 Siemens CVE debrief

A memory leak vulnerability exists in the Linux kernel's IPv6 Segment Routing (SR) subsystem, specifically within the `seg6_hmac_init_algo` function. When initialization of the HMAC algorithms fails partway through, the function returns without cleaning up the memory and cryptographic transform (tfm) structures it has already allocated. Repeated failures leak kernel memory over time and can exhaust it, causing a denial of service on affected systems. The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime). Siemens has identified this vulnerability as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The CVSS 3.1 score of 5.5 (MEDIUM) reflects a local attack vector with low attack complexity, requiring low privileges but no user interaction, with high availability impact and no confidentiality or integrity impact. A vendor fix is available; it requires updating to version 3.1 or later.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Organizations operating Siemens industrial networking infrastructure including RUGGEDCOM RST2428P and SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500, XCM-/XRM-/XCH-/XRH-300 families). System administrators responsible for OT/ICS network availability and memory-constrained embedded systems. Security teams tracking Linux kernel vulnerabilities in industrial control system supply chains.

Technical summary

The vulnerability resides in `seg6_hmac_init_algo()` within the Linux kernel's IPv6 Segment Routing implementation. HMAC algorithm initialization allocates several objects in sequence; if any allocation fails after some have already succeeded, the function exits without freeing the memory and crypto tfm structures allocated so far. The fix modifies `seg6_hmac_exit()` to free only the resources that were actually allocated, so that it can be safely reused as the cleanup path when initialization fails partway through. This is a classic partial-failure resource leak (CWE-401). Affected Siemens products utilize the vulnerable kernel component in their SINEC OS network operating system for industrial Ethernet switches.
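The partial-failure leak pattern and the shape of the fix described above, as an added illustration that is not code from the Linux kernel or from the Siemens advisory. It is a simplified user-space model: the `hmac_algo` structure, the per-CPU `tfm` and scratch arrays, the `xalloc()` fault-injection wrapper and the allocation counts are all constructed for this example and do not reflect the kernel's actual data structures or allocation order. What it shows is the difference between an init routine that returns on the first failed allocation (everything built so far stays live) and one whose exit routine frees only what was allocated and can therefore be reused on the error path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a multi-step HMAC initialization (example only, not
 * kernel code). Each "algorithm" needs a per-CPU array of transform handles
 * plus a per-CPU scratch buffer; any allocation may fail part-way through. */
#define NUM_ALGOS 2
#define NUM_CPUS  4

struct tfm { char name[16]; };          /* stand-in for a crypto transform */

struct hmac_algo {
    const char *name;
    struct tfm **tfms;                  /* NUM_CPUS entries, NULL if never allocated */
    char **scratch;                     /* NUM_CPUS entries, NULL if never allocated */
};

static struct hmac_algo algos[NUM_ALGOS] = {
    { .name = "hmac(sha1)" }, { .name = "hmac(sha256)" },
};

/* Allocation accounting plus fault injection (constructed test harness). */
static int live_allocs;   /* blocks currently outstanding */
static int alloc_count;   /* allocations attempted so far */
static int fail_after;    /* the Nth allocation and later fail; 0 = never fail */

static void *xalloc(size_t n)
{
    if (fail_after && ++alloc_count >= fail_after)
        return NULL;                    /* simulated -ENOMEM */
    void *p = calloc(1, n);             /* zeroed, so unused slots read as NULL */
    if (p) live_allocs++;
    return p;
}

static void xfree(void *p)
{
    if (p) { live_allocs--; free(p); }  /* NULL-safe, like kfree() */
}

static void reset_state(void)
{
    for (int i = 0; i < NUM_ALGOS; i++) { algos[i].tfms = NULL; algos[i].scratch = NULL; }
    live_allocs = 0; alloc_count = 0; fail_after = 0;
}

/* Fixed-style exit: frees only what was actually allocated, so it is safe to
 * call on partially built state from the init error path. */
static void hmac_exit_fixed(void)
{
    for (int i = 0; i < NUM_ALGOS; i++) {
        struct hmac_algo *a = &algos[i];
        if (a->tfms) {
            for (int c = 0; c < NUM_CPUS; c++) xfree(a->tfms[c]);
            xfree(a->tfms); a->tfms = NULL;
        }
        if (a->scratch) {
            for (int c = 0; c < NUM_CPUS; c++) xfree(a->scratch[c]);
            xfree(a->scratch); a->scratch = NULL;
        }
    }
}

/* Shared init loop. The only difference between the leaky and the fixed
 * variant is whether the error path tears down what was already built. */
static int hmac_init(int cleanup_on_error)
{
    for (int i = 0; i < NUM_ALGOS; i++) {
        struct hmac_algo *a = &algos[i];
        if (!(a->tfms = xalloc(NUM_CPUS * sizeof *a->tfms))) goto fail;
        for (int c = 0; c < NUM_CPUS; c++) {
            if (!(a->tfms[c] = xalloc(sizeof **a->tfms))) goto fail;
            strncpy(a->tfms[c]->name, a->name, sizeof a->tfms[c]->name - 1);
        }
        if (!(a->scratch = xalloc(NUM_CPUS * sizeof *a->scratch))) goto fail;
        for (int c = 0; c < NUM_CPUS; c++)
            if (!(a->scratch[c] = xalloc(64))) goto fail;
    }
    return 0;
fail:
    if (cleanup_on_error)
        hmac_exit_fixed();              /* the CWE-401 fix: release partial state */
    return -1;                          /* plain early return = the leak */
}

/* Run init with the Nth allocation failing (0 = no failure) and report how
 * many blocks are still live afterwards; a correct teardown leaves zero. */
static int leaked_blocks(int nth_alloc_fails, int fixed)
{
    reset_state();
    fail_after = nth_alloc_fails;
    if (hmac_init(fixed) == 0)
        hmac_exit_fixed();              /* success path: ordinary teardown */
    return live_allocs;
}

int main(void)
{
    /* Each algo costs 10 allocations (1 array + 4 tfms + 1 array + 4 buffers).
     * Failing the 13th leaves algo 0 complete and algo 1 with 2 of 4 tfms. */
    printf("leaky init, fail at alloc 13: %d blocks leaked\n", leaked_blocks(13, 0));
    printf("fixed init, fail at alloc 13: %d blocks leaked\n", leaked_blocks(13, 1));
    return 0;
}
```

The leaky variant leaves 12 blocks outstanding for that failure point (10 for the first algorithm plus the array and two transforms of the second); the fixed variant leaves none. The property worth checking in a review of any such init/exit pair is the one the kernel fix restored: the exit routine must tolerate every intermediate state the init routine can be in when it fails, which in practice means testing for NULL before freeing and zeroing pointers after.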

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided update to SINEC OS version 3.1 or later for affected Siemens RUGGEDCOM and SCALANCE products
  • Monitor system memory utilization on affected devices for signs of resource exhaustion
  • Implement network segmentation to limit local access to affected industrial control systems
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies
  • Validate successful patch deployment through version verification on managed devices

Evidence notes

Vulnerability description sourced from CISA CSAF advisory ICSA-25-226-15, which republishes Siemens ProductCERT advisory SSA-613116. The Linux kernel fix resolves improper cleanup in seg6_hmac_init_algo during partial initialization failure. Siemens advisory confirms affected products and remediation path. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack with availability impact only.

Official resources

2025-08-12