PatchSiren cyber security CVE debrief
CVE-2024-40904 Siemens CVE debrief
A vulnerability in the Linux kernel's USB CDC-WDM (Wireless Device Management) class driver can cause CPU lockup due to excessive log message generation. The issue stems from uncontrolled logging that can exhaust system resources, leading to denial of service conditions. This vulnerability affects Siemens industrial networking products running SINEC OS, specifically the RUGGEDCOM RST2428P and SCALANCE X-family switches. The CVSS 4.4 MEDIUM severity reflects local attack vector requirements and high availability impact. CISA published this advisory on August 12, 2025, with subsequent revisions through February 25, 2026, including corrections to affected product lists and clarification of impacted configurations.
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-08-12
- Original CVE updated: 2026-02-25
- Advisory published: 2025-08-12
- Advisory updated: 2026-02-25
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly those deploying RUGGEDCOM RST2428P or SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices in critical infrastructure environments. OT security teams, ICS asset owners, and network administrators responsible for maintaining availability of industrial control systems should prioritize monitoring vendor guidance for remediation updates.
Technical summary
The vulnerability exists in the USB CDC-WDM class driver within the Linux kernel. Excessive log message generation can trigger CPU lockup, resulting in denial of service. This affects Siemens industrial networking products utilizing SINEC OS, including RUGGEDCOM RST2428P and select SCALANCE X-family switches. The issue requires local access to exploit and primarily impacts availability.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance and patch availability
- Apply vendor-provided firmware updates for affected SCALANCE and RUGGEDCOM devices when available
- Monitor system logs for anomalous USB CDC-WDM driver activity on affected industrial networking equipment
- Implement network segmentation to limit exposure of industrial control system devices per CISA ICS recommended practices
- Follow CISA guidance for defense-in-depth strategies for industrial control systems
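The monitoring action above is the one a defender can act on before a firmware update ships. The failure mode here is a flood of kernel log messages from one driver, so the useful signal is message rate, not message content. The following Python detector is an added example written for this debrief; it is not code from Siemens, CISA or the Linux kernel project. It assumes dmesg-style lines with a `[seconds.micros]` timestamp followed by the emitting driver's name (`cdc_wdm` is the kernel driver name that prefixes this driver's messages); the sample lines, their error text, and the 50-messages-per-second threshold are constructed for illustration and should be tuned to the device's normal baseline.

```python
import re
from collections import deque

# dmesg-style line: "[  123.456789] cdc_wdm 1-1:1.0: some message"
# Timestamp layout is an assumption about how logs are exported from the device.
LOG_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<src>[\w-]+)\s+(?P<msg>.*)$")


def parse_line(line):
    """Return (timestamp, source_driver, message) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return float(m.group("ts")), m.group("src"), m.group("msg")


def detect_log_storm(lines, driver="cdc_wdm", window=1.0, threshold=50):
    """Sliding-window rate detector.

    Emits one alert (window_start_ts, trigger_ts, count) per burst in which
    `driver` logs more than `threshold` messages within `window` seconds,
    then stays quiet until the rate drops back under the threshold.
    """
    alerts = []
    recent = deque()      # timestamps of this driver's messages inside the window
    in_storm = False
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, _msg = parsed
        if src != driver:
            continue          # other drivers (usb core, etc.) are ignored
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop messages that fell out of the window
        if len(recent) > threshold:
            if not in_storm:
                alerts.append((recent[0], ts, len(recent)))
                in_storm = True
        else:
            in_storm = False
    return alerts


def build_sample_lines():
    """Constructed log excerpt: a quiet period, an unrelated usb-core line,
    a 200-message cdc_wdm burst in 0.4 s, then a return to normal."""
    lines = []
    for i in range(5):                       # healthy: one message every 10 s
        t = 100.0 + 10.0 * i
        lines.append(f"[{t:12.6f}] cdc_wdm 1-1:1.0: nonzero urb status received: -32")
    lines.append(f"[{145.0:12.6f}] usb 1-1: new high-speed USB device number 3 using xhci_hcd")
    for i in range(200):                     # storm: 200 messages in 0.4 s
        t = 150.0 + 0.002 * i
        lines.append(f"[{t:12.6f}] cdc_wdm 1-1:1.0: nonzero urb status received: -32")
    for i in range(3):                       # back to a healthy rate
        t = 200.0 + 10.0 * i
        lines.append(f"[{t:12.6f}] cdc_wdm 1-1:1.0: nonzero urb status received: -32")
    return lines


if __name__ == "__main__":
    for start, trigger, count in detect_log_storm(build_sample_lines()):
        print(f"cdc_wdm log storm: {count} messages since {start:.3f}s (triggered at {trigger:.3f}s)")
```

On the constructed sample the detector raises exactly one alert, at the 51st message of the burst, and nothing for the spaced-out healthy messages or the usb-core line. In practice the same logic can run over a syslog export from the switch or over `dmesg` output with `-T` disabled so the numeric timestamps are preserved; the threshold should sit well above the device's observed baseline so that the alert fires only for the runaway condition the advisory describes.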
Evidence notes
CVE published 2025-08-12 per CISA CSAF advisory ICSA-25-226-07. Advisory revised 2026-02-12 (corrected affected products), 2026-02-24 (clarified SCALANCE family configurations, removed rejected CVEs), and 2026-02-25 (CISA republication based on Siemens SSA-355557). Source indicates 'Misinformed' impact categorization for affected product IDs.
Official resources
- CVE-2024-40904 CVE record (CVE.org)
- CVE-2024-40904 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
2025-08-12