PatchSiren cyber security CVE debrief
CVE-2024-40905 Siemens CVE debrief
CVE-2024-40905 describes a possible race condition in the Linux kernel IPv6 networking subsystem, specifically within the `__fib6_drop_pcpu_from()` function. This vulnerability was published on August 12, 2025, and last modified on February 25, 2026. The issue affects Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. According to CISA advisory ICSA-25-226-07, the vulnerability is categorized as 'Misinformed' in terms of impact for the affected product configurations, suggesting that the actual risk may differ from initial assessments or that specific conditions limit exploitability. The CVSS score of 4.4 (MEDIUM) indicates a moderate severity issue. Race conditions in kernel networking code can potentially lead to memory corruption, use-after-free scenarios, or denial of service conditions when IPv6 routing tables are modified concurrently. Organizations operating affected Siemens industrial networking equipment should monitor for firmware updates from Siemens ProductCERT and apply patches according to their maintenance windows.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 4.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, SCALANCE XCM-/XRM-/XCH-/XRH-300 family, or RUGGEDCOM RST2428P industrial Ethernet switches in IPv6-enabled environments. Critical infrastructure operators, manufacturing facilities, and utility providers utilizing these devices for industrial network segmentation should prioritize monitoring for patches.
Technical summary
A race condition exists in the Linux kernel's IPv6 forwarding information base (FIB) implementation within the `__fib6_drop_pcpu_from()` function. This per-CPU data structure manipulation during IPv6 route table updates could lead to inconsistent state under concurrent access. The vulnerability affects Siemens industrial networking products utilizing SINEC OS, which incorporates the vulnerable Linux kernel networking stack. The MEDIUM CVSS score reflects limited attack vectors typical of kernel race conditions requiring specific timing and privileged network configuration access.
Defensive priority
medium
Recommended defensive actions
- Monitor Siemens ProductCERT advisory SSA-355557 for firmware updates addressing this kernel-level IPv6 vulnerability
- Review IPv6 routing configurations on affected SCALANCE and RUGGEDCOM devices to assess exposure
- Apply defense-in-depth practices for industrial control systems as recommended by CISA
- Coordinate patching during planned maintenance windows given the MEDIUM severity rating
- Verify SINEC OS version and confirm applicability of this CVE to specific device configurations
Evidence notes
The source CISA CSAF advisory ICSA-25-226-07 (published 2025-08-12, modified 2026-02-25) identifies this CVE as affecting Siemens SINEC OS-based products. The threat categorization of 'Misinformed' impact suggests the vulnerability's actual risk profile may require clarification. The advisory references Siemens ProductCERT SSA-355557 as the authoritative source. No known exploitation in ransomware campaigns is documented.
Official resources
-
CVE-2024-40905 CVE record
CVE.org
-
CVE-2024-40905 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12