PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-39509 Siemens CVE debrief

CVE-2024-39509 is a Linux kernel HID (Human Interface Device) subsystem issue: an unnecessary WARN_ON() macro in the implement() function of the HID core could fire repeatedly when a caller attempted to write a value into a field of smaller size in an output report. implement() already handles that case by trimming the value with a bitmask and logging through hid_warn(), so the additional WARN_ON() was superfluous and has been removed. Siemens assesses the issue as affecting certain industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The ICS advisory covering these products was first published on August 12, 2025 and has been revised through February 2026 to clarify affected product configurations and to remove rejected CVEs from related advisories.

Vendor
Siemens
Product
RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-04-09
Original CVE updated
2026-05-14
Advisory published
2024-04-09
Advisory updated
2026-05-14

Who should care

Organizations operating Siemens industrial networking equipment running SINEC OS, specifically RUGGEDCOM RST2428P switches and SCALANCE X-family switches (XC-300/XR-300/XC-400/XR-500WG/XR-500 and XCM-/XRM-/XCH-/XRH-300 families). Security teams monitoring kernel-level issues in embedded industrial systems should track this advisory for potential logging noise and patch availability.

Technical summary

This vulnerability resides in the Linux kernel's HID (Human Interface Device) core subsystem. The implement() function in drivers/hid/hid-core.c contained an unnecessary WARN_ON() that fired whenever a value wider than the target field was written into an output report. The function already handles that case correctly: it masks the value down to the field width and logs the event via hid_warn(), so the report that reaches the device is the same with or without the WARN_ON(). The difference is what lands in the kernel log. hid_warn() emits one line; WARN_ON() emits a full backtrace, and on a kernel configured with kernel.panic_on_warn=1 it panics the system. Field widths come from the device's report descriptor, so a malformed or malicious HID device can make an otherwise legitimate driver write hit this path. That is why a cosmetic warning is treated as a vulnerability: on panic_on_warn kernels it is a denial of service, on all others it is log noise. The fix removes the superfluous WARN_ON() while preserving the value trimming and the hid_warn() message.
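To make the before/after behaviour concrete, here is an added userspace model of the implement() path (example code written for this debrief, not the kernel's own source). The kernel's hid_warn() and WARN_ON() are replaced by counters, and a flag stands in for the kernel.panic_on_warn sysctl, so the only difference between the pre-fix and post-fix paths becomes visible: the bytes written into the report are identical, but the pre-fix path can take the box down. All function and variable names, and the two-byte sample report, are constructed for the example.

```c
/*
 * Added example: a userspace model of the HID core implement() path, not
 * kernel code. hid_warn() and WARN_ON() are replaced by counters and a
 * flag standing in for kernel.panic_on_warn, so the effect of removing
 * WARN_ON() can be observed. Names are assumptions for this example.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static unsigned hid_warn_count;  /* stands in for hid_warn(): one log line   */
static unsigned warn_on_count;   /* stands in for WARN_ON(): log + backtrace */
static bool panic_on_warn;       /* stands in for kernel.panic_on_warn=1     */
static bool panicked;            /* set when a WARN_ON() would panic the box */

static void model_hid_warn(const char *msg)
{
    hid_warn_count++;
    fprintf(stderr, "hid_warn: %s\n", msg);
}

static void model_warn_on(void)
{
    warn_on_count++;
    if (panic_on_warn)
        panicked = true;   /* on a real kernel: panic, i.e. denial of service */
}

/* Store the low n bits of value into report starting at bit `offset`. */
static void write_bits(uint8_t *report, unsigned offset, unsigned n, uint32_t value)
{
    for (unsigned i = 0; i < n; i++) {
        unsigned bit = offset + i;
        uint8_t mask = (uint8_t)(1u << (bit % 8));
        if ((value >> i) & 1u)
            report[bit / 8] |= mask;
        else
            report[bit / 8] &= (uint8_t)~mask;
    }
}

/*
 * Model of implement(): n is the field width from the device's report
 * descriptor, value is what the driver wants to write. keep_warn_on=true
 * models the pre-fix kernel, false the fixed one.
 */
static void implement(uint8_t *report, unsigned offset, unsigned n,
                      uint32_t value, bool keep_warn_on)
{
    if (n > 32) {
        model_hid_warn("called with n > 32");
        n = 32;
    } else if (n < 32) {
        uint32_t m = (1u << n) - 1;
        if (value > m) {
            model_hid_warn("called with too large value for field");
            if (keep_warn_on)
                model_warn_on();   /* the superfluous WARN_ON() the fix removes */
            value &= m;            /* trimming that exists before and after */
        }
    }
    write_bits(report, offset, n, value);
}

/*
 * One oversized write: a 5-bit value (0x1F) into a 4-bit field at bit
 * offset 3 of a constructed two-byte output report. Returns report[0];
 * the counters and the panic flag are left for inspection.
 */
static uint8_t run_case(bool keep_warn_on, bool panic_on_warn_enabled)
{
    uint8_t report[2];
    memset(report, 0, sizeof report);
    hid_warn_count = warn_on_count = 0;
    panicked = false;
    panic_on_warn = panic_on_warn_enabled;
    implement(report, 3, 4, 0x1F, keep_warn_on);
    return report[0];   /* 0x1F & 0xF = 0xF placed at bits 3..6 -> 0x78 */
}

int main(void)
{
    uint8_t before = run_case(true, true);
    printf("pre-fix:  report[0]=0x%02x hid_warn=%u WARN_ON=%u panicked=%d\n",
           before, hid_warn_count, warn_on_count, panicked);
    uint8_t after = run_case(false, true);
    printf("post-fix: report[0]=0x%02x hid_warn=%u WARN_ON=%u panicked=%d\n",
           after, hid_warn_count, warn_on_count, panicked);
    return before == after ? 0 : 1;
}
```

Running it shows the same report byte (0x78) in both cases and exactly one hid_warn line each; only the pre-fix path increments the WARN_ON counter, and only the pre-fix path with panic_on_warn set ends in a modelled panic. That is the whole content of the fix, and it is why the defensive priority is low everywhere except on deployments that deliberately run with panic_on_warn.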

Defensive priority

low

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-355557 for specific product impact and patch availability
  • Monitor vendor security advisories for SINEC OS updates addressing this kernel-level issue
  • Check kernel logs (dmesg/syslog) on affected equipment for repeated hid-core implement() warnings and backtraces, and assess whether their volume affects local log storage or log forwarding
  • Apply defense-in-depth practices for industrial control systems per CISA guidance
  • Verify affected product configurations, particularly for SCALANCE X-family switches where clarifications were issued in February 2026

Evidence notes

The vulnerability description indicates this is a code quality issue in the Linux kernel HID subsystem where an unnecessary WARN_ON() could generate excessive kernel warnings. The source advisory (ICSA-25-226-07) marks the impact as 'Misinformed' for affected Siemens products. The advisory underwent multiple revisions between August 2025 and February 2026, with the most recent update on February 25, 2026 clarifying affected configurations for the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family.

Official resources

Siemens ProductCERT advisory SSA-355557
CISA ICS advisory ICSA-25-226-07 (published 2025-08-12)