PatchSiren cyber security CVE debrief
CVE-2024-40912 Siemens CVE debrief
A deadlock vulnerability exists in the Linux kernel's mac80211 wireless subsystem within the ieee80211_sta_ps_deliver_wakeup() function. This flaw can cause system hangs when handling station power-save wakeup events, potentially leading to denial of service conditions in affected wireless networking implementations. The vulnerability was originally published in the Linux kernel and subsequently identified as affecting Siemens industrial networking products that incorporate the vulnerable wireless components. CISA republished this advisory on February 25, 2026, based on updated Siemens ProductCERT guidance (SSA-355557), which clarified affected product configurations and removed several rejected CVEs from the advisory.
- Vendor
- Siemens
- Product
- RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS
- MEDIUM 4.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2026-05-14
- Advisory published
- 2024-04-09
- Advisory updated
- 2026-05-14
Who should care
Organizations operating Siemens industrial wireless networking infrastructure, particularly those deploying SCALANCE or RUGGEDCOM products in critical infrastructure environments. Security teams responsible for OT/ICS network availability should prioritize verification of patch status given the denial-of-service nature of this kernel-level deadlock.
Technical summary
CVE-2024-40912 is a deadlock vulnerability in the Linux kernel's mac80211 wireless subsystem, specifically in the ieee80211_sta_ps_deliver_wakeup() function. This function handles power-save wakeup events for wireless stations. A deadlock condition can occur when concurrent operations interact with power management state transitions, causing the kernel to hang indefinitely. The vulnerability affects Siemens industrial networking products that incorporate the vulnerable wireless stack, including SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family devices and RUGGEDCOM RST2428P units. The CISA advisory marks impact as 'Misinformed' for the listed product IDs, suggesting the original severity assessment may have been corrected in subsequent analysis. The February 25, 2026 advisory update reflects this reassessment based on Siemens ProductCERT guidance.
Defensive priority
medium
Recommended defensive actions
- Review Siemens ProductCERT advisory SSA-355557 for definitive product impact assessment and patch availability
- Verify whether deployed Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family or RUGGEDCOM RST2428P devices are configured with affected wireless functionality
- Apply kernel updates or vendor-provided firmware patches that address the mac80211 deadlock condition
- Monitor wireless network infrastructure for unexpected hangs or denial-of-service conditions that may indicate trigger attempts
- Implement network segmentation for critical industrial wireless networks to limit blast radius of potential denial-of-service events
- Follow CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
Evidence notes
The source advisory (ICSA-25-226-07) indicates this CVE was marked as 'Misinformed' in the impact assessment for affected Siemens products (CSAFPID-0006, CSAFPID-0002, CSAFPID-0003). The February 25, 2026 republication by CISA reflects updated product impact analysis from Siemens ProductCERT advisory SSA-355557. No CVSS score is available in the source corpus. The vulnerability description indicates a deadlock condition in wireless power management code, which is a classic kernel concurrency defect with denial-of-service impact.
Official resources
-
CVE-2024-40912 CVE record
CVE.org
-
CVE-2024-40912 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-08-12